Browse Prior Art Database

User Behavior Profiling Using Policy Decisions Disclosure Number: IPCOM000253746D
Publication Date: 2018-Apr-30

Publishing Venue

The Prior Art Database

Related People

Kelley, James Slik, David Shah, Peter


Disclosed is a method to detect when malicious users attempt to disrupt a system. The method uses the normal audit logs produced by the policy decision point (PDP) in a XACML architecture to produce a uniform, system-independent log of user data accesses to build a model of typical user behavior. When a model of typical behavior is in place, organizations can more readily detect aberrant behavior.