User Behavior Profiling Using Policy Decisions
Publication Date: 2018-Apr-30
The IP.com Prior Art Database
Disclosed is a method to detect when malicious users attempt to disrupt a system. The method uses the normal audit logs produced by the policy decision point (PDP) in a XACML architecture to produce a uniform, system-independent log of user data accesses to build a model of typical user behavior. When a model of typical behavior is in place, organizations can more readily detect aberrant behavior.