SUSPICIOUS ACTIVITY DETECTION IN COMPUTER NETWORKS

Bibliographic Details
Main authors: MARTIN BRIAN KEITH, SUNG CHUL, SAURIOL NICHOLAS
Format: Patent
Language: chi; eng
Description
Summary: Methods and systems of classifying suspicious users are described. A processor may determine whether a domain name, of an email address of a user that requested to access a network, is valid. The processor may classify the user as a suspicious user if the domain name is invalid. If the domain name is valid, the processor may determine a likelihood that the email address is a script-generated email address. The processor may classify the user as a suspicious user if the email address is likely to be a script-generated email address. If the email address is unlikely to be a script-generated email address, the processor may identify abnormal usage behavior exhibited by the user based on a reference model. The processor may classify the user as a suspicious user if abnormal usage behavior is identified, and may reject a subsequent request from the user to access the network.