CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)] | 18 Claims |
1. A system, comprising:
a processor configured to:
generate, based on log data associated with at least one user session in a network environment associated with an original user, a logical graph, wherein the logical graph comprises: (1) a first node corresponding to the original user, (2) at least a second node, and (3) a set of edges, wherein the set of edges include at least one edge connecting the first node to the second node;
use the generated logical graph to detect an anomaly, wherein detecting the anomaly includes determining that a change has been made to the set of edges, wherein the anomaly is associated with a second user different from the original user, and wherein the detecting the anomaly includes determining an association between the second user and the original user; and
in response to detecting the anomaly, take a remedial action; and
a memory coupled to the processor and configured to provide the processor with instructions.
|