Patent · US Active

Suspicious activity detection in computer networks

US10778689B2 · kind B2 · utility

0Cited by

7References

20Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Chul Sung · White Plains, US
Nicholas Sauriol · Ottawa, CA
Brian Martin · McMurray, US

Key dates

Filing date	Sep 6, 2018
Grant date	Sep 15, 2020
Priority date	—
Expiry date	Mar 15, 2039

Classification

Technology area (CPC H)Electricity
CPC primaryH04L2463/144
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Methods and systems of classifying suspicious users are described. A processor may determine whether a domain name, of an email address of a user that requested to access a network, is valid. The processor may classify the user as a suspicious user if the domain name is invalid. If the domain name is valid, the processor may determine a likelihood that the email address is a script-generated email address. The processor may classify the user as a suspicious user if the email address is likely to be a script-generated email address. If the email address is unlikely to be a script-generated email address, the processor may identify abnormal usage behavior exhibited by the user based on a reference model. The processor may classify the user as a suspicious user if abnormal usage behavior is identified, and may reject a subsequent request from the user to access the network.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.