&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11853450.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,853,450 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Detection of web application anomalies using machine learning</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Sultan Saadaldean Alsharif,  Al-Khobar (SA);  Mohammed Ahmad Ababtain,  Khobar (SA); and  Adrian Francis Goodhead,  Dhahran (SA)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Saudi Arabian Oil Company,  Dhahran (SA)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Saudi Arabian Oil Company,  Dhahran (SA)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Oct.  26, 2020, as Appl. No. 17/079,778.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/931,038, filed on Nov.  5, 2019.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2021/0133346 A1, May   6, 2021</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/62</b></i> (2013.01); <i><b>G06F 16/906</b></i> (2019.01); <i><b>G06F 16/958</b></i> (2019.01); <i><b>G06F 16/953</b></i> (2019.01); <i><b>G06N 20/00</b></i> (2019.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/6227</b></i> (2013.01)&#xa0;[<i><b>G06F 16/906</b></i> (2019.01); <i><b>G06F 16/953</b></i> (2019.01); <i><b>G06F 16/986</b></i> (2019.01); <i><b>G06N 20/00</b></i> (2019.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11853450-20231226-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method comprising:<div class="claim_text">receiving, by one or more processors of a web server, web application logs and database logs, the web server associated with an N-tier architecture;</div>
                <div class="claim_text">segmenting, by a machine learning algorithm executed by the one or more processors, the web application logs and the database logs into a plurality of clusters based on probability density modeling, such that a variance of features within each cluster of the plurality of clusters is less than a threshold variance, each cluster of the plurality of clusters corresponding to one of authorized access of one or more backend databases or unauthorized access of the one or more backend databases;</div>
                <div class="claim_text">comparing, by the one or more processors, each cluster of the plurality of clusters to one or more baseline clusters corresponding to the authorized access of the one or more backend databases;</div>
                <div class="claim_text">determining, by the one or more processors, that a particular cluster of the one or more clusters corresponds to the unauthorized access of the one or more backend databases based on the comparison; and</div>
                <div class="claim_text">responsive to determining that the particular cluster of the one or more clusters corresponds to the unauthorized access of the one or more backend databases, generating, by a display device of the web server, a graphical user interface representing the particular cluster.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>