Method for detecting RDP login anomaly
US12184673B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 28, 2022 |
| Grant date | Dec 31, 2024 |
| Priority date | — |
| Expiry date | Jun 27, 2043 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F17/18
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A method for detecting malicious connections from remote users into a computer network through Remote Desktop protocol via a computer having access to login logs of users. The method includes defining aspects, each divided into bins comprising a day of week aspect comprising n1 bins, a time of day aspect comprising n2 bins, a number of logins in a day aspect comprising n3 bins. The method includes defining a model based on the aspects and providing a score of log for each user; defining a baseline of log; applying the model on each user log to determine a production score of log and comparing the production score of log with respect to the baseline. The model includes calculating a probability density for each bin for each user, determining a weight for each aspect and calculating the score of log from the probability density weighted by the weight for each user.
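One way to read the scoring described in the abstract, as an added example that is not taken from the patent: the bin counts, the login-count buckets, the equal weights, the smoothing constant and the baseline rule (lowest score in the user's own history) are all assumptions, since the abstract leaves n1, n2, n3, the weights and the baseline unspecified.

```python
from collections import Counter
from datetime import datetime, timedelta

BINS = (7, 6, 4)            # assumed n1, n2, n3: weekday, 4-hour block, logins/day bucket
WEIGHTS = (1/3, 1/3, 1/3)   # assumed equal aspect weights

def count_bin(n):
    """Bucket a day's login count: 1, 2-3, 4-7, 8 or more."""
    return 0 if n <= 1 else 1 if n <= 3 else 2 if n <= 7 else 3

def featurize(logins):
    """Map each login datetime to its (day-of-week, time-of-day, logins-in-day) bins."""
    per_day = Counter(t.date() for t in logins)
    return [(t.weekday(), t.hour * BINS[1] // 24, count_bin(per_day[t.date()]))
            for t in logins]

def fit(history, alpha=0.5):
    """Per-user probability of each bin in each aspect, smoothed so unseen bins are > 0."""
    feats = featurize(history)
    model = []
    for aspect, nbins in enumerate(BINS):
        seen = Counter(f[aspect] for f in feats)
        total = len(feats) + alpha * nbins
        model.append([(seen[b] + alpha) / total for b in range(nbins)])
    return model

def score(model, feat):
    """Score of one login: bin probabilities weighted per aspect."""
    return sum(w * model[a][feat[a]] for a, w in enumerate(WEIGHTS))

def detect(history, production):
    """Return production logins scoring below the baseline (assumed: lowest training score)."""
    model = fit(history)
    baseline = min(score(model, f) for f in featurize(history))
    return [t for t, f in zip(production, featurize(production))
            if score(model, f) < baseline]

# Constructed sample: one user logging in at 09:00 and 14:00 on weekdays for three weeks.
monday = datetime(2024, 1, 1)
HISTORY = [monday + timedelta(days=7 * w + d, hours=h)
           for w in range(3) for d in range(5) for h in (9, 14)]
NORMAL = [datetime(2024, 1, 23, 9), datetime(2024, 1, 23, 14)]   # a Tuesday
BURST = [datetime(2024, 1, 28, 3, m) for m in range(9)]          # Sunday 03:00, 9 logins

if __name__ == "__main__":
    print("flagged:", detect(HISTORY, NORMAL + BURST))
```

With a baseline this strict, a single login on an otherwise normal weekday would also fall below it, which is why the weighting and baseline choices matter as much as the binning.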
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.