Detecting anomalous accounts using event logs
US9760426B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 28, 2015 |
| Grant date | Sep 12, 2017 |
| Priority date | — |
| Expiry date | Aug 12, 2035 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2151
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
The claimed subject matter includes techniques for detecting anomalous accounts. An example method includes receiving, via a processor, a list of monitored machines and event logs including logons for the list of monitored machines for a predetermined window of time. The example method also includes generating, via the processor, a baseline based on the event logs for the predetermined window of time. The example method also includes collecting, via the processor, daily logon events after the predetermined time and comparing the daily logon events to the baseline. The method further includes detecting, via the processor, an anomalous account based on a difference of logon events of the anomalous account from the baseline. The method also includes displaying, via the processor, the detected anomalous account.
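The baseline-and-compare flow in the abstract, sketched as an added example that is not taken from the patent. It assumes the baseline is the set of monitored machines each account logged on to during the window, and that a "difference" means a logon to a monitored machine outside that set. The event layout, account names, machine names and the `min_new` threshold are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MONITORED = {"dc01", "sql01", "web01"}          # constructed machine list
START, WINDOW_DAYS = datetime(2015, 5, 1), 30   # constructed baseline window

# Constructed logon events: (timestamp, account, machine).
HISTORY = [
    (datetime(2015, 5, 2, 9), "alice", "web01"),
    (datetime(2015, 5, 3, 9), "alice", "sql01"),
    (datetime(2015, 5, 4, 2), "svc_backup", "sql01"),
    (datetime(2015, 4, 20, 9), "bob", "dc01"),     # before the window: ignored
    (datetime(2015, 5, 5, 9), "bob", "laptop7"),   # unmonitored machine: ignored
]
TODAY = [
    (datetime(2015, 6, 1, 9), "alice", "web01"),       # matches baseline
    (datetime(2015, 6, 1, 3), "svc_backup", "dc01"),   # new machine
    (datetime(2015, 6, 1, 3), "svc_backup", "web01"),  # new machine
    (datetime(2015, 6, 1, 10), "bob", "dc01"),         # account has no baseline
    (datetime(2015, 6, 1, 10), "carol", "laptop7"),    # unmonitored: ignored
]

def build_baseline(events, monitored, start, window_days):
    """Map each account to the monitored machines it logged on to in the window."""
    end = start + timedelta(days=window_days)
    baseline = defaultdict(set)
    for ts, account, machine in events:
        if machine in monitored and start <= ts < end:
            baseline[account].add(machine)
    return dict(baseline)

def detect_anomalous(daily_events, baseline, monitored, min_new=1):
    """Return {account: [machines absent from its baseline]} for one day's logons."""
    new = defaultdict(set)
    for _ts, account, machine in daily_events:
        if machine in monitored and machine not in baseline.get(account, set()):
            new[account].add(machine)
    return {a: sorted(m) for a, m in new.items() if len(m) >= min_new}

def report(anomalies):
    """Render detections as display lines, most deviating account first."""
    ranked = sorted(anomalies.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{acct}: {len(ms)} new machine(s): {', '.join(ms)}" for acct, ms in ranked]

if __name__ == "__main__":
    base = build_baseline(HISTORY, MONITORED, START, WINDOW_DAYS)
    print("\n".join(report(detect_anomalous(TODAY, base, MONITORED))))
```

Raising `min_new` suppresses accounts that touch only a single unfamiliar machine, which trades some recall for fewer alerts on ordinary first-time logons.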
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.