US 12,079,345 B2
Methods, systems, and media for testing insider threat detection systems
Salvatore J. Stolfo, New York, NY (US); and Preetam Kumar Dutta, New York, NY (US)
Assigned to The Trustees of Columbia University in the City of New York, New York, NY (US)
Filed by The Trustees of Columbia University in the City of New York, New York, NY (US)
Filed on Oct. 26, 2021, as Appl. No. 17/511,253.
Application 17/511,253 is a continuation of application No. 16/498,847, granted, now 11,194,915, previously published as PCT/US2018/027823, filed on Apr. 16, 2018.
Claims priority of provisional application 62/485,688, filed on Apr. 14, 2017.
Prior Publication US 2022/0284106 A1, Sep. 8, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/57 (2013.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01)
CPC G06F 21/577 (2013.01) [H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 2221/034 (2013.01)]
18 Claims
 
1. A method for testing insider threat detection systems, the method comprising:
receiving, using a hardware processor, a first plurality of actions performed by one or more users in a computing environment;
generating, using the hardware processor, a plurality of models of user behavior based at least in part on the first plurality of actions;
selecting, using the hardware processor, a model of user behavior from the plurality of models of user behavior, wherein the model of user behavior is associated with a malicious user type;
generating a simulated user bot based on the selected model of user behavior; and
executing the simulated user bot in the computing environment, wherein the simulated user bot injects a second plurality of actions in the computing environment.