Reducing false detection of anomalous user behavior on a computer network

Assignee

• Netskope, Inc. · US

Inventors

• Dipak Patil · Sangli, IN
• Yi Zhang · Santa Clara, US
• Yihua Liao · Fremont, US
• Prathamesh Deshpande · San Jose, US
• Yongxin Wang · San Ramon, US
• Siying Yang · Cupertino, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1466
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The disclosed technology teaches a method of reducing false detection of anomalous user behavior on a computer network, including forming groups from identity and access management (IAM) properties and assigning the users into initially assigned groups based on respective IAM properties, and recording individual user behavior in a statistical profile, including application usage frequency. The method also includes dynamically assigning a user with a realigned group, different from the initial assigned group, based on comparing the recorded user behavior, with user behavior in statistical profiles of the users in the groups, evaluating and reporting anomalous events among ongoing behavior of the individual user based on deviations from a statistical profile of the realigned group. The method utilizes common app usage for forming the groups, in some cases. Further, evaluating anomalous events includes evaluating deviations of the events among ongoing behavior of the individual user based from the individual's statistical profile.