Facilitating detection of suspicious access to resources

US2020045049A1 · US · A1

Patent metadata
Publication number: US-2020045049-A1
Application number: US-201816051236-A
Country: US
Kind code: A1
Filing date: Jul 31, 2018
Priority date: Jul 31, 2018
Publication date: Feb 6, 2020
Grant date:

Abstract

Official abstract text for this publication.

Embodiments of the present invention are directed to facilitating detection of suspicious access to resources. In accordance with aspects of the present disclosure, an access graph is generated. The access graph contains access data that includes observed accesses between entities and resources. Access scores can be determined for entity-resource pairs in the access graph by applying a set of access rules to the entity-resource pairs in the access graph. The access scores indicate an extent of relatedness between the corresponding entity and resource. Thereafter, the access scores can be used to train a probabilistic prediction model that predicts suspiciousness of accesses between entities and resources.
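
The pipeline the abstract describes (access graph, rule-based access scores, latent-factor model), as an added example that is not code from the patent or its assignee. The property names, the two rules, the 0.5 default, averaging of multiple rules, the logistic matrix factorization, and "suspiciousness = 1 - predicted relatedness" are all assumptions chosen for illustration; the sample data is constructed.

```python
import math, random
from collections import Counter
from itertools import product

# Constructed sample data (not from the patent): properties and a raw access log.
ENTITY = {"alice": {"dept": "fin"}, "bob": {"dept": "fin"},
          "carol": {"dept": "eng"}, "dave": {"dept": "eng"}}
RESOURCE = {"ledger": {"owner": "fin", "sensitive": False}, "payroll": {"owner": "fin", "sensitive": True},
            "repo": {"owner": "eng", "sensitive": False}, "ci": {"owner": "eng", "sensitive": True}}
RAW_LOG = [("alice", "ledger"), ("alice", "ledger"), ("bob", "payroll"),
           ("carol", "repo"), ("dave", "ci"), ("carol", "ci")]
# Hypothetical access rules: (entity property, resource property) -> score, or None if not applicable.
RULES = [lambda e, r: 1.0 if e["dept"] == r["owner"] else None,
         lambda e, r: 0.0 if r["sensitive"] and e["dept"] != r["owner"] else None]

def build_access_graph(log):
    """Aggregate accesses per entity-resource pair and append both sides' properties."""
    return {(e, r): {"count": n, "entity": ENTITY[e], "resource": RESOURCE[r]}
            for (e, r), n in Counter(log).items()}

def access_score(edge, default=0.5):
    """Mean of applicable rule scores (assumed combination); default if none apply."""
    hits = [s for s in (rule(edge["entity"], edge["resource"]) for rule in RULES) if s is not None]
    return sum(hits) / len(hits) if hits else default

def add_artificial_pairs(graph):
    """Add unobserved pairs as artificial accesses, keeping only those some rule covers."""
    for e, r in product(ENTITY, RESOURCE):
        edge = {"count": 0, "entity": ENTITY[e], "resource": RESOURCE[r], "artificial": True}
        if (e, r) not in graph and access_score(edge, default=None) is not None:
            graph[(e, r)] = edge
    return graph

def logit(U, V, e, r):
    return sum(a * b for a, b in zip(U[e], V[r]))

def train(scores, k=2, epochs=2000, lr=0.1, seed=0):
    """SGD on log loss so sigmoid(U[e].V[r]) approximates each pair's access score."""
    rng = random.Random(seed)
    U = {e: [rng.uniform(-0.1, 0.1) for _ in range(k)] for e in ENTITY}
    V = {r: [rng.uniform(-0.1, 0.1) for _ in range(k)] for r in RESOURCE}
    for _ in range(epochs):
        for (e, r), s in scores.items():
            err = 1 / (1 + math.exp(-logit(U, V, e, r))) - s
            U[e], V[r] = ([a - lr * err * b for a, b in zip(U[e], V[r])],
                          [b - lr * err * a for a, b in zip(U[e], V[r])])
    return U, V

def suspiciousness(U, V, e, r):
    """Assumed mapping: suspiciousness = 1 - predicted relatedness."""
    return 1 - 1 / (1 + math.exp(-logit(U, V, e, r)))
```

The artificial cross-department pairs are what give the model low-score training signal; observed logs alone contain only accesses that actually happened.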

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method comprising: generating, via a computing device, an access graph that includes observed accesses between entities and resources; determining, via the computing device, an access score for each entity-resource pair in the access graph by applying a set of access rules to each entity-resource pair in the access graph, the access score indicating an extent of relatedness between the corresponding entity and resource; and utilizing the determined access scores to train, via the computing device, a probabilistic prediction model that predicts suspiciousness of accesses between entities and resources.

2. The computer-implemented method of claim 1, wherein the access graph includes properties associated with the entities and resources.

3. The computer-implemented method of claim 1, wherein the access graph is generated by: collecting observed access data; aggregating accesses between each entity-resource pair; and appending entity properties and resource properties for an entity and a resource in each entity-resource pair;

4. The computer-implemented method of claim 1, wherein the access graph is generated by: collecting observed access data from raw logs of accesses, the observed access data including indications of entities, resources, and accesses therebetween; for each entity-resource pair in the observed access data, aggregating accesses between the corresponding entity and resource; for each entity-resource pair, referencing entity properties associated with the corresponding entity and resource properties associated with the corresponding resource; and generating the access graph using each entity-resource pair, the aggregated accesses, and the corresponding entity properties and resource properties.

5. The computer-implemented method of claim 1 further comprising: collecting access data from raw logs of accesses, the access data including indications of accesses between an entity and a resource, wherein the collected access data is used to generate the access graph.

6. The computer-implemented method of claim 1 further comprising obtaining the set of access rules, each of the access rules indicating an access score for a particular entity-resource pair having corresponding properties.

7. The computer-implemented method of claim 1 further comprising obtaining the set of access rules, the set of access rules provided by a user via a configuration or a user interface.

8. The computer-implemented method of claim 1, wherein each access rule of the set of access rules utilizes an entity property and a resource property to produce a corresponding access score.

9. The computer-implemented method of claim 1, wherein the access score comprises a real value number.

10. The computer-implemented method of claim 1 further comprising obtaining the set of access rules from an external engine.

11. The computer-implemented method of claim 1, wherein when none of the access rules in the set of access rules are applicable to an entity-resource pair, determining a default value for the access score.

12. The computer-implemented method of claim 1, wherein when more than one access rule in the set of access rules are applicable to an entity-resource pair, determining an access score based on the multiple access rules applied to the entity-resource pair.

13. The computer-implemented method of claim 1, wherein the access data in the access graph includes artificial accesses between entities and resources.

14. The computer-implemented method of claim 1 further comprising: generating artificial entity-resource pairs and artificial accesses between the artificial entity-resource pairs; determining access scores for the artificial entity-resource pairs by applying the set of access rules to the artificial entity-resource pairs; and utilizing the access scores for the artificial entity-resource pairs along with the access scores for the entity-resource pairs to train the probabilistic prediction model.

15. The computer-implemented method of claim 1 further comprising: generating artificial entity-resource pairs and artificial accesses between the artificial entity-resource pairs; adding the artificial entity-resource pairs and artificial accesses to the access graph; determining access scores for the artificial entity-resource pairs by applying the set of access rules to the artificial entity-resource pairs; and utilizing the access scores for the artificial entity-resource pairs along with the access scores for the entity-resource pairs to train the probabilistic prediction model.

16. The computer-implemented method of claim 1 further comprising: generating artificial entity-resource pairs and artificial accesses between the artificial entity-resource pairs; adding the artificial entity-resource pairs and artificial accesses to the access graph; applying the set of access rules to the artificial entity-resource pairs to determine access scores for the artificial entity-resource pairs, wherein any artificial entity-resource pairs are removed from the access graph when none of the access rules in the set of access rules are applicable to the artificial entity-resource pair; and utilizing the access scores for the artificial entity-resource pairs along with the access score for each entity-resource pair to train the probabilistic prediction model.

17. The computer-implemented method of claim 1 further comprising generating an access score graph that includes the access score determined for each entity-resource pair.

18. The computer-implemented method of claim 1 further comprising generating an access score graph that includes the access score determined for each entity-resource pair, wherein training the probabilistic prediction model includes utilizing the access score graph as input to train the probabilistic prediction model.

19. The computer-implemented method of claim 1, wherein the probabilistic prediction model comprises a prediction model that determines latent factors for the entities and the resources.

20. The computer-implemented method of claim 1, wherein the probabilistic prediction model comprises a prediction model that outputs latent factors for the entities and the resources and a function used to predict suspiciousness of accesses between entities and resources.

21. The computer-implemented method of claim 1 further comprising: receiving a new entity-resource pair for which suspiciousness is to be predicted; and utilizing the trained probabilistic prediction model to predict the suspiciousness of an access for the new entity-resource pair.

22. The computer-implemented method of claim 1, wherein the probabilistic prediction model comprises a prediction model that outputs latent factors for the entities and the resources and a function used to predict suspiciousness of accesses between entities and resources, and wherein the method further comprises: receiving a new entity-resource pair for which suspiciousness is to be predicted; identifying latent factors associated with the entity and the resource of the new entity-resource pair; and applying the latent factors to the function to predict suspiciousness of an access between the entity and the resource of the new entity-resource pair.

23. The computer-implemented method of claim 1, wherein the probabilistic prediction model comprises a

Classifications

  • Graphs; Linked lists (G06F16/9027 takes precedence) · CPC title

  • Probabilistic graphical models, e.g. probabilistic networks · CPC title

  • Computing arrangements based on specific mathematical models · CPC title

  • Entity relationship models · CPC title

  • H04L63/102 · Primary

    Entity profiles · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Splunk Inc
What technology area does this patent fall under?
Primary CPC classification G06F16/9024. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 6, 2020 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).