ANOMALY DETECTION FOR ACCESS CONTROL EVENTS

摘要

Methods for managing access to protected resources within a computing environment and detecting anomalies related to access control events are described. An access control system may acquire a request for access to a protected resource, identify a username associated with the request, acquire contextual information associated with the request for access (e.g., a time of day associated with a location of a device making the request), acquire a baseline set of rules for the username, detect a deviation from the baseline set of rules based on the contextual information, acquire additional authentication information in response to detecting the deviation, authorize access to the protected resource based on the additional authentication information, generate a record of the request for access including the contextual information, and update the baseline set of rules if an intrusion to the access control system has not been detected within a threshold period of time.

主权项

1. A method for managing access to protected resources within a computing environment, comprising:
receiving a request for access to a protected resource within the computing environment originating from a computing device, the request for access is associated with a username; acquiring a baseline set of rules for the username derived from previous access requests associated with the username, the baseline set of rules comprises a set of locations; acquiring contextual information corresponding with the request for access, the contextual information comprises a location of the computing device; detecting a deviation from the baseline set of rules based on the contextual information; acquiring additional authentication information in response to detecting the deviation; and authorizing access to the protected resource based on the additional authentication information.