Title of invention | Anomaly detection based on profile history and peer history |
Abstract | A method and apparatus for automatic anomaly detection based on profile history and peer history are described. An anomaly detection system collects file-activity data pertaining to file access activities in a network share. The system computes file access patterns for the individual users and compares the individual user's file access pattern against a profile history to find a first deviation. The system also identifies a cluster of users from the group based on at least one of user collaborations of individual users of the group or a reporting structure of the group of users. When the first deviation is found, the system compares the user's file access pattern against a peer history of the other individual users in the cluster to find a second deviation. The system reports an anomaly in the file access patterns by the individual user when the first deviation and the second deviation are found. |
Publication number | US9166993(B1) | Publication date | 2015.10.20 |
Application number | US201313950744 | Filing date | 2013.07.25 |
Applicant | SYMANTEC CORPORATION | Inventor | Liu Yin |
Classification | H04L29/06 | Main classification | H04L29/06 |
Agency | Lowenstein Sandler LLP | Agent | Lowenstein Sandler LLP |
Principal claim | 1. A method comprising: collecting, by an anomaly detection system executing by a processor, file-activity data pertaining to file accesses to files in an identified network share accessed by a group of individual users; computing, by the anomaly detection system, file access patterns for the individual users in the group from the file-activity data; for one of the individual users, comparing the individual user's file access pattern against a profile history of the individual user to find a first deviation in the file accesses by the individual user; identifying, by the anomaly detection system, a cluster of users from the group based on at least one of user collaborations of individual users of the group or a reporting structure of the group of users; when the first deviation is found, comparing the individual user's file access pattern against a peer history of the other individual users in the cluster to find a second deviation; and reporting, by the anomaly detection system, an anomaly in the file access patterns by the individual user when the first deviation and the second deviation are found. |
Address | Mountain View CA US |