US 11,777,945 B1
Predicting suspiciousness of access between entities and resources
George Apostolopoulos, San Jose, CA (US); and Ignacio Nicolas Bermudez Corrales, Sunnyvale, CA (US)
Assigned to Splunk Inc., San Francisco, CA (US)
Filed by SPLUNK Inc., San Francisco, CA (US)
Filed on Jan. 27, 2022, as Appl. No. 17/586,086.
Application 17/586,086 is a continuation of application No. 16/051,236, filed on Jul. 31, 2018, granted, now 11,271,939.
This patent is subject to a terminal disclaimer.
Int. Cl. G06N 20/00 (2019.01); G06N 7/00 (2023.01); H04L 9/40 (2022.01); G06F 16/28 (2019.01)
CPC H04L 63/102 (2013.01) [G06F 16/288 (2019.01); G06N 7/00 (2013.01); G06N 20/00 (2019.01); H04L 63/1425 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
receiving an entity-resource pair for which suspiciousness is to be predicted, wherein the entity-resource pair indicates an entity and a resource associated with an access between the entity and the resource;
predicting, using a probabilistic prediction model, suspiciousness of the entity-resource pair, wherein the probabilistic prediction model is trained using observed accesses between entities and resources, a set of access rules indicating appropriateness levels for accesses between the entities and the resources, and artificial access data randomly generated to include unobserved associations of entity-resource pairs; and
outputting an indication of whether the access is suspicious.