Abstract
Described herein are systems and methods for performing potentially malicious activity detection operations. Embodiments may include receiving data associated with a plurality of authentication messages; analyzing the received data associated with the plurality of authentication messages; determining, based on the analyzing, a plurality of characteristics of the data associated with the authentication messages; receiving data associated with a new authentication message communicated over the network; determining a plurality of characteristics of the data associated with the new authentication message; comparing at least one determined characteristic of the new authentication message data with at least one of: a determined characteristic of the plurality of authentication messages data, known valid data, and known invalid data; and generating, based on the comparison, an assessment of whether the new authentication message is indicative of the potentially malicious activity in the network.
Independent Claim
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for detecting potentially malicious activity, comprising:
receiving data associated with a plurality of authentication messages, wherein at least some of the received data includes secure ticket data, the authentication messages having been communicated over a network;
analyzing the received data associated with the plurality of authentication messages;
determining, based on the analyzing, a plurality of characteristics of the data associated with the authentication messages, wherein a characteristic from the plurality of characteristics includes the secure ticket data;
receiving data associated with a new authentication message communicated over the network;
determining a plurality of characteristics of the data associated with the new authentication message;
comparing at least one determined characteristic of the new authentication message data with at least one of: a determined characteristic of the plurality of authentication messages data, known valid data, and known invalid data; and
generating, based on the comparison, an assessment of whether the new authentication message is indicative of the potentially malicious activity in the network.
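The claimed sequence (learn characteristics from historical authentication messages, extract the same characteristics from a new message, compare against the baseline plus known-valid and known-invalid data, emit an assessment) as an added illustrative example, not code from the patent or its assignee. The record fields, the allowlist and denylist contents, and the sample messages are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthMessage:
    """One authentication message as a simplified record (constructed fields)."""
    account: str
    source_host: str
    ticket_cipher: str      # cipher type carried in the secure ticket data
    ticket_lifetime_h: int  # ticket lifetime in hours


# Hypothetical known-valid and known-invalid data for one characteristic.
KNOWN_VALID = {"aes256"}
KNOWN_INVALID = {"rc4", "none"}

# Constructed history of previously observed authentication messages.
HISTORY = [
    AuthMessage("alice", "ws01", "aes256", 10),
    AuthMessage("alice", "ws01", "aes256", 10),
    AuthMessage("bob", "ws02", "aes256", 10),
    AuthMessage("svc_backup", "srv01", "aes128", 10),
]


def build_profile(messages):
    """Determine per-characteristic baselines from the historical messages."""
    return {
        "ciphers": Counter(m.ticket_cipher for m in messages),
        "pairs": {(m.account, m.source_host) for m in messages},
        "max_lifetime_h": max(m.ticket_lifetime_h for m in messages),
    }


def assess(profile, new):
    """Compare a new message's characteristics with the baseline and known data.

    Returns (score, reasons); score 0 means nothing anomalous was found.
    """
    reasons = []
    if new.ticket_cipher in KNOWN_INVALID:
        reasons.append(f"cipher {new.ticket_cipher} is known invalid")
    elif new.ticket_cipher not in KNOWN_VALID and new.ticket_cipher not in profile["ciphers"]:
        reasons.append(f"cipher {new.ticket_cipher} not seen in baseline")
    if (new.account, new.source_host) not in profile["pairs"]:
        reasons.append(f"{new.account} has no history from {new.source_host}")
    if new.ticket_lifetime_h > profile["max_lifetime_h"]:
        reasons.append(f"lifetime {new.ticket_lifetime_h}h exceeds baseline "
                       f"max {profile['max_lifetime_h']}h")
    return len(reasons), reasons
```

A message whose cipher is absent from the allowlist but present in the baseline (aes128 here) is not flagged, which is the point of combining learned characteristics with static known-valid data.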