Securing applications through similarity-based risk assessment

US11895134B2 · US · B2

Patent metadata
Publication number: US-11895134-B2
Application number: US-202117228118-A
Country: US
Kind code: B2
Filing date: Apr 12, 2021
Priority date: Apr 12, 2021
Publication date: Feb 6, 2024
Grant date: Feb 6, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems, methods, and computer media are described for user risk assessment using similarity analysis. Records of transactions performed by a user while in previous enhanced application access sessions can be evaluated against records of transactions performed by other users in previous sessions. The more similar a user is to other users, the more likely it is the user was acting in a typical manner, and the less likely the user poses a security risk. A similarity analysis can be performed using a bipartite graph linking a group of users and a group of application transactions. By examining an edge between a user and a performed transaction, other edges (and corresponding other users) can be identified that also performed the transaction. A similarity score can be calculated based on the bipartite graph and can be used to determine a risk classification and allow or deny an enhanced application access session request.

First claim

Opening claim text (preview).

We claim:

1. A method, comprising: logging application activity for a group of users while the users have enhanced access to one or more applications; receiving a request for an enhanced access session for a first user in the group, wherein enhanced access comprises temporarily granting expanded permissions, access to additional functionality, or access to additional data; performing a similarity analysis based on the logged application activity, the similarity analysis comparing application activity of the first user in the group and application activity of other users in the group; based on the similarity analysis, determining a risk classification for the first user; and based on the risk classification, granting or denying the request for the enhanced access session for the first user in the group.

2. The method of claim 1, further comprising generating a notification based on the risk classification, the notification recommending whether to approve or deny an enhanced application access session for the first user.

3. The method of claim 1, wherein the similarity analysis identifies a subset of other users in the group having logged application activity most similar to the first user.

4. The method of claim 1, further comprising aggregating the logged application activity for the users.

5. The method of claim 4, further comprising generating a bipartite graph based on the aggregated application activity, the bipartite graph relating the users to application transactions, wherein the similarity analysis is performed on the bipartite graph.

6. The method of claim 5, wherein the users of the group form nodes of a first set, application transactions from the aggregated application activity form nodes of a second set, and edges of the bipartite graph connect the nodes of the first set and second set.

7. The method of claim 6, wherein the similarity analysis comprises comparing application transactions connected to the first user by edges of the bipartite graph to application transactions connected to other users of the group by edges of the bipartite graph.

8. The method of claim 1, wherein the similarity analysis comprises calculating numerical similarity scores for the first user relative to other users in the group.

9. The method of claim 8, wherein determining the risk classification comprises comparing one of the numerical similarity scores for the first user, a combination of multiple numerical similarity scores, or a risk score determined based on one or more of the similarity scores to a threshold, wherein a score on one side of the threshold indicates that the first user is lower risk, and wherein a score on the other side of the threshold indicates that the first user is higher risk.

10. The method of claim 9, further comprising upon determining that the threshold is exceeded, conditionally approving the first user for an enhanced application access session.

11. The method of claim 1, further comprising: performing similarity analyses and determining risk classifications for other users in the group; and generating risk profiles for the first user and other users in the group based on the risk classifications.

12. The method of claim 1, wherein the similarity analysis is performed after the request for an enhanced access session for the first user is received.

13. A system, comprising: at least one processor; and one or more computer-readable storage media storing computer-readable instructions that, when executed by the at least one processor, perform operations comprising: generating a bipartite graph relating users in a user group to application transactions performed by the users during enhanced application access sessions, wherein enhanced access comprises expanded permissions, access to additional functionality, or access to additional data; receiving a request for an enhanced access session for a first user in the user group; using the bipartite graph, performing, for the users, similarity analyses between the first user and other users in the user group; based on the similarity analyses, determining risk classifications for the users of the user group; generating risk profiles for the users in the user group based on the risk classifications; and based on the risk profiles, granting or denying the request for the enhanced access session for the first user in the user group.

14. The system of claim 13, wherein the risk profiles are updated periodically based on additional logged application activity.

15. The system of claim 13, wherein during an enhanced application access session, a user temporarily has increased permissions and greater access to data and functionality than the user normally has.

16. The system of claim 13, wherein: the respective users in the group form nodes of a first set, the application transactions performed by the users form nodes of a second set, and edges of the bipartite graph connect the nodes of the first set and second, and the similarity analyses comprise, for the respective users, comparing application transactions connected to the user by edges of the bipartite graph to application transactions connected to other users of the group by edges of the bipartite graph.

17. The system of claim 13, wherein the application transactions performed by the users during enhanced application access sessions are logged, aggregated by user, and used to generate the bipartite graph.

18. One or more computer storage devices storing computer-executable instructions for risk assessment, the risk assessment comprising: receiving an enhanced application access session request for a first user, wherein an enhanced application access session temporarily grants the first user one or more of expanded permissions, expanded access to data, or expanded access to functionality; based on logged application activity for a group of users, the group including the first user, during previous enhanced application access sessions, generating a bipartite graph relating the users in the group to application transactions performed by the users in the group during the enhanced application access sessions; performing a similarity analysis using the bipartite graph, the similarity analysis comparing application transactions performed by the first user to application transactions performed by other users in the group; and generating an approval recommendation for the enhanced application access session request based on the similarity analysis.

19. The computer storage devices of claim 18, wherein performing the similarity analysis comprises: calculating similarity scores for the other users in the group relative to the first user, the similarity scores indicating a similarity between the transactions performed by the other users and the transactions performed by the first user; and determining a risk score based on a mean of a subset of the similarity scores that indicate greatest similarity to the first user, wherein the risk score is used to generate the approval recommendation.
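The claims describe the pipeline but not a concrete similarity metric or threshold. The following is an added worked example, not code from the patent or from SAP: it builds the user/transaction bipartite graph from a constructed activity log, walks user -> transaction -> other users to find candidates, scores them with Jaccard similarity over transaction sets (the metric, k = 3 and the 0.5 threshold are assumptions made here), takes the mean of the k most similar scores as the risk score (claim 19), and grants or denies the enhanced-access request against the threshold (claims 9 and 10). All user names and transaction codes are hypothetical.

```python
"""Similarity-based risk assessment over a user/transaction bipartite graph.

Added illustration of the approach described in the claims: log which
transactions each user performed during prior enhanced-access sessions,
build a bipartite graph (user nodes, transaction nodes, an edge for each
"user performed transaction"), score the requesting user against the other
users, and turn the mean of the k most similar scores into a grant/deny
decision against a threshold. Metric, k and threshold are assumed here.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean

# Constructed sample log of (user, transaction) pairs from previous
# enhanced-access sessions. Names and transaction codes are hypothetical.
SAMPLE_LOG = [
    ("alice", "VIEW_PAYROLL"), ("alice", "EXPORT_REPORT"), ("alice", "APPROVE_PO"),
    ("bob", "VIEW_PAYROLL"), ("bob", "EXPORT_REPORT"), ("bob", "APPROVE_PO"),
    ("carol", "VIEW_PAYROLL"), ("carol", "APPROVE_PO"),
    ("dave", "VIEW_PAYROLL"), ("dave", "EXPORT_REPORT"),
    ("mallory", "DELETE_AUDIT_LOG"), ("mallory", "CREATE_ADMIN_USER"),
    ("mallory", "VIEW_PAYROLL"),
    ("eve", "RESET_MFA"),  # shares no transaction with anyone else
]


class BipartiteGraph:
    """Users on one side, transactions on the other; adjacency is kept in
    both directions so we can walk user -> transaction -> other users."""

    def __init__(self, log):
        self.user_to_tx = defaultdict(set)
        self.tx_to_users = defaultdict(set)
        for user, tx in log:
            self.user_to_tx[user].add(tx)
            self.tx_to_users[tx].add(user)

    def users(self):
        return set(self.user_to_tx)

    def neighbours(self, user):
        """Other users reachable in two hops, i.e. sharing at least one transaction."""
        reached = set()
        for tx in self.user_to_tx.get(user, ()):
            reached |= self.tx_to_users[tx]
        reached.discard(user)
        return reached


def jaccard(a, b):
    """|A ∩ B| / |A ∪ B|; 0.0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def similarity_scores(graph, user):
    """Jaccard similarity between `user` and every other user in the group.
    Users not reachable through a shared transaction node score 0.0 without
    a set comparison; that pruning is what the edge walk buys us."""
    mine = graph.user_to_tx.get(user, set())
    close = graph.neighbours(user)
    return {
        other: (jaccard(mine, graph.user_to_tx[other]) if other in close else 0.0)
        for other in graph.users() if other != user
    }


@dataclass
class Assessment:
    user: str
    risk_score: float
    classification: str   # "low" or "high"
    decision: str         # "grant" or "deny"
    nearest: list = field(default_factory=list)


def assess(graph, user, k=3, threshold=0.5):
    """Risk score = mean of the k highest similarity scores (claim 19).
    A score at or above the threshold is treated as lower risk and the
    session request is granted; otherwise it is denied (claims 9 and 10).
    k=3 and threshold=0.5 are assumed values, not taken from the patent."""
    scores = similarity_scores(graph, user)
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:k]
    risk_score = mean(s for _, s in ranked) if ranked else 0.0
    low_risk = risk_score >= threshold
    return Assessment(
        user=user,
        risk_score=risk_score,
        classification="low" if low_risk else "high",
        decision="grant" if low_risk else "deny",
        nearest=[u for u, _ in ranked],
    )


GRAPH = BipartiteGraph(SAMPLE_LOG)

if __name__ == "__main__":
    for requester in ("alice", "mallory", "eve"):
        a = assess(GRAPH, requester)
        print(f"{a.user:8} risk_score={a.risk_score:.3f} {a.classification:4} -> "
              f"{a.decision} (nearest: {', '.join(a.nearest) or 'none'})")
```

Running it, alice (whose transaction set matches bob exactly and overlaps carol and dave) scores well above the threshold and is granted, mallory (whose audit-log deletion and admin-creation transactions nobody else performed) falls below it and is denied, and eve, who shares no transaction with anyone, has no neighbours at all and therefore a risk score of 0.0. That last case matters in practice: a user with no comparable history is indistinguishable from an outlier under this scheme, so a deployment would want a separate first-use path rather than a silent deny.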

Assignees

SAP SE

Classifications

  • Traffic logging, e.g. anomaly detection · CPC title

  • Multiple levels of security · CPC title

  • Vulnerability analysis · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • above the transport layer · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11895134B2 cover?
Systems, methods, and computer media are described for user risk assessment using similarity analysis. Records of transactions performed by a user while in previous enhanced application access sessions can be evaluated against records of transactions performed by other users in previous sessions. The more similar a user is to other users, the more likely it is the user was acting in a typical m…
Who is the assignee on this patent?
SAP SE
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 6, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).