Patent · US Active

System and method for detecting anomalies including detection and removal of outliers associated with network traffic to cloud applications

US10326787B2 · kind B2 · utility

Cited by: 4
References: 6
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 15, 2017
Grant date: Jun 18, 2019
Priority date
Expiry date: Oct 19, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L67/535
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

An anomaly detection system is provided and includes a processor, a memory and a security application stored in the memory and including instructions. The instructions are for collecting behavior data corresponding to users of an organization accessing cloud applications. The behavior data includes parameters tracked over time for the users. The instructions are for: creating a first model based on the behavior data tracked for the users; creating a second model corresponding to a first user based on the parameters tracked for the users except the first user, where the second model excludes behavior data pertaining to the first user; scoring the second model based on the first model to generate a first score; determining whether the first user is an outlier based on the first score; and removing the behavior data corresponding to the first user from the first model if the first user is an outlier.
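The leave-one-user-out procedure in the abstract can be sketched as follows. This is an added illustration, not code from the patent. The abstract does not specify the model type, the scoring function or the cutoff, so the mean/standard-deviation model, the shift-based score, the `threshold` value, the repetition over every user and the sample data are all assumptions.

```python
from statistics import mean, pstdev

# Constructed sample: MB uploaded to a cloud app per day, per user.
SAMPLE = {
    "alice": [10, 12, 11, 9],
    "bob":   [8, 11, 10, 12],
    "carol": [9, 10, 13, 11],
    "dave":  [11, 9, 10, 12],
    "erin":  [480, 510, 495, 505],   # far outside the organization's baseline
}

def fit(data, exclude=None):
    """Model (assumed form): mean and std of one tracked parameter,
    pooled over all users except `exclude`."""
    values = [v for user, series in data.items() if user != exclude
              for v in series]
    return mean(values), pstdev(values)

def leave_one_out_score(data, user):
    """Score the model built without `user` (second model) against the
    all-users model (first model): how far the mean moves, in units of
    the second model's standard deviation."""
    full_mean, _ = fit(data)
    loo_mean, loo_std = fit(data, exclude=user)
    return abs(full_mean - loo_mean) / (loo_std or 1.0)

def remove_outliers(data, threshold=0.5):
    """Repeatedly drop the user whose exclusion shifts the model most,
    until no user's score exceeds `threshold` (assumed cutoff)."""
    kept, removed = dict(data), []
    while len(kept) > 2:
        scores = {u: leave_one_out_score(kept, u) for u in kept}
        worst = max(scores, key=scores.get)
        if scores[worst] <= threshold:
            break
        removed.append(worst)
        del kept[worst]          # remove the outlier's data from the first model
    return kept, removed

if __name__ == "__main__":
    kept, removed = remove_outliers(SAMPLE)
    print("removed:", removed)
    print("baseline (mean, std):", fit(kept))
```

With the outlier left in, the pooled baseline is so wide that ordinary users score low and the heavy uploader would also look unremarkable against it; excluding each user in turn exposes the one whose data dominates the model.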

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.