| CPC H04L 63/1425 (2013.01) [H04L 63/08 (2013.01)] | 20 Claims |
|
1. A computer-implemented method comprising:
obtaining a plurality of attributes corresponding to an access request from a user to a remote application, wherein the plurality of attributes includes at least a time associated with the access request;
identifying an access distribution for the user that corresponds to at least an attribute of the plurality of attributes, wherein the access distribution quantifies application access according to a timescale; and
determining whether the access request is anomalous based at least in part on the identified access distribution and the time associated with the access request.
|