| CPC H04L 63/1416 (2013.01) [H04L 63/08 (2013.01)] | 19 Claims |
|
1. A method for detecting attacks against a software service authentication system configured to authorize access to software services, the method comprising:
using at least one processor to perform:
accessing a first user activity profile specifying values of parameters indicating a first user's pattern of requesting access to one or more unique software services through the software service authentication system, wherein:
the first user is authorized to request access to software services after authentication of the user by the software service authentication system; and
the values of the parameters indicating the first user's pattern of requesting access to one or more unique software services indicate a threshold ratio of authentications to unique software service requests;
monitoring computing activity of the first user during a first time period to obtain software service request data indicating one or more requests by the first user during the first time period to access one or more software services through the software service authentication system; and
determining, using the software service request data and the first user activity profile, whether the computing activity of the first user during the first time period is anomalous, the determining comprising:
determining, using the values of the parameters specified by the first user activity profile, whether the one or more requests by the first user during the first time period match the first user's pattern of requesting access to one or more unique software services through the software service authentication system; and
determining that the computing activity of the first user during the first time period is anomalous when it is determined that the one or more requests by the first user during the first time period do not match the first user's pattern of requesting access to one or more unique software services through the software service authentication system.
|