Browse Prior Art Database

User Behavior Profiling Using Policy Decisions

IP.com Disclosure Number: IPCOM000253746D
Publication Date: 2018-Apr-30

Publishing Venue

The IP.com Prior Art Database

Related People

Inventors:
Kelley, James Slik, David Shah, Peter

Abstract

Disclosed is a method to detect when malicious users attempt to disrupt a system. The method uses the normal audit logs produced by the policy decision point (PDP) in a XACML architecture to produce a uniform, system-independent log of user data accesses to build a model of typical user behavior. When a model of typical behavior is in place, organizations can more readily detect aberrant behavior.