System and method for detecting anomalies associated with network traffic to cloud applications
US10536473B2 · kind B2 · utility
Key dates
| Filing date | Feb 15, 2017 |
| Grant date | Jan 14, 2020 |
| Priority date | — |
| Expiry date | Oct 7, 2037 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1441
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
An anomaly detection system is provided and includes a processor, a memory, and a security application that is stored in the memory and includes instructions. The instructions are configured to collect information of behavior data for the users of an organization accessing cloud applications via a distributed network. The behavior data includes one or more parameters tracked over time for the users. The instructions are further configured to: establish baselines for each of the users and for each of the cloud applications or types of cloud applications of the organization; detect anomalies based on the baselines; provide aggregated anomaly data by aggregating anomalies corresponding to two or more of the baselines and a same behavior or corresponding to multiple users of a same cloud application during a same period of time; determine a risk value based on the aggregated anomaly data; and perform a countermeasure based on the risk value.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.