Network security systems for attributing network events to users

Assignee

• TARGET BRANDS, INC. · US

Inventors

• Paul Hutelmyer · Minneapolis, US
• Adam Blake · Watertown, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Disclosed are techniques for associating users of a network infrastructure to network or endpoint events within the network infrastructure. A method can include receiving, by a network security system that monitors and protects the network infrastructure, a packet for a network event, the packet including (i) information identifying a user device from which the network event originates and (ii) a payload, determining whether the packet triggers at least one association rule in a group of association rules, determining candidate users to be associated with the network event based on the rule triggered by the packet, determining confidence values for the candidate users to be associated with the network event based on the rule triggered by the packet, and returning the candidate users to associate with the network event and the corresponding confidence values.