Anomaly-based mitigation of access request risk

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Christopher Michael Jeffords · Bothell, US
• Srikanth Bolisetty · Redmond, US
• Ayala Miller · Bellevue, US
• Pavan Gopal Bandla · Duvall, US
• Ramin L. Halviatti · Santa Cruz, US
• LiLei Cui · Sammamish, US
• James Matthew Atkins · Redmond, US
• Jessica Michelle Satnick · Seattle, US
• Ravi Kumar Lingamallu · Redmond, US
• Ahmed Awad-Idris · Sammamish, US
• Amritaputra Bhattacharya · Bellevue, US
• Sunil Pai · Portland, US
• Kaymie Sato-Hayashi-Kagawa Shiozawa · Cambridge, US
• Noah Bergman · Walnut Creek, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1425
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Access to secured items in a computing system is requested instead of being persistent. Access requests may be granted on a just-in-time basis. Anomalous access requests are detected using machine learning models based on historic patterns. Models utilizing conditional probability or collaborative filtering also facilitate the creation of human-understandable explanations of threat assessments. Individual machine learning models are based on historic data of users, peers, cohorts, services, or resources. Models may be weighted, and then aggregated in a subsystem to produce an access request risk score. Scoring principles and conditions utilized in the scoring subsystem may include probabilities, distribution entropies, and data item counts. A feedback loop allows incremental refinement of the subsystem. Anomalous requests that would be automatically approved under a policy may instead face human review, and low threat requests that would have been delayed by human review may instead be approved automatically.