Detecting abnormal database activity
US11599442B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 29, 2021 |
| Grant date | Mar 7, 2023 |
| Priority date | — |
| Expiry date | Nov 29, 2041 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2201/865
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
In a present invention embodiment, time series data is received including information pertaining to a corresponding attribute of monitored activity on a processing device. An upper bound of the time series data is determined based on a weighted combination of a prior upper bound and a current value derived from the time series data. Greater weight is provided to greater values in the time series data based on an exponent applied to the prior upper bound and the current value and an effect of older values in the time series data decays over time based on a smoothing factor applied to exponential values of the prior upper bound and the current value. The upper bound is applied to a profile of an entity, and abnormal activity on the processing device is detected based on a comparison of the upper bound to a corresponding bound of the profile.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.