Session slicing of mirrored packets
US-12184680-B2 · Dec 31, 2024 · US
US2020128047A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020128047-A1 |
| Application number | US-201916657545-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 18, 2019 |
| Priority date | Oct 19, 2018 |
| Publication date | Apr 23, 2020 |
| Grant date | — |
Official abstract text for this publication.
Provided are systems and methods for analyzing actions performed by users in using a cloud service, and adjusting the configuration of a security management and control system based on the analysis. In various examples, the analysis can include generating a weighted directed graph that reflects a user's use of the cloud service, and/or reflects the tenant's overall use of the cloud service. When the security monitoring and control system generates security alerts, the actions that resulted in the alerts can be compared to the graph to determine whether the actions are in accordance with prior behavior of the users. When the actions do correspond to the graph, the system can recommend that the security control or security policy that triggered the alert be modified. In various examples, the graphs can also be used to determine whether any user's actions are anomalous as compared to earlier behavior.
Claim text.
What is claimed is:
1. A method for detecting usage anomalies in a multi-tenant cloud environment, the method comprising: obtaining activity data from a service provider system, wherein the activity data describes actions performed during use of a cloud service, wherein the actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the cloud service; determining, from the activity data, actions performed by a particular user; and generating, using the actions, a directed graph, wherein each node in the directed graph represents an action performed by the particular user, and wherein each connection between two nodes represents a sequence in performance of actions represented by the two nodes.
2. The method of claim 1, further comprising: determining that an event in the activity data conflicts with a security control associated with the cloud service; determining that the event corresponds to an event captured in the directed graph; and generating a recommendation that the security control be modified.
3. The method of claim 1, further comprising: determining that an event in the activity data violates a security policy; determining that the event corresponds to an event captured in the directed graph; and generating a recommendation to modify the security policy.
4. The method of claim 1, further comprising: obtaining additional activity data from the service provider system; mapping actions performed by the particular user to the directed graph; determining, from the mapping, that the particular user performed actions that do not correspond to the graph; and generating an alert that an anomaly has been detected.
5. The method of claim 1, wherein weights assigned to each node indicate a number of times the corresponding actions represented by the nodes were performed.
6. The method of claim 1, wherein a weight assigned to each connection between two nodes indicates a number of times a first action represented by a first node from the two nodes preceded a second action represented by a second node from the two nodes.
7. The method of claim 1, wherein each node is associated with a set of contextual parameters that are associated with the action represented by the node.
8. The method of claim 1, further comprising: receiving input including a request to register the cloud service with the security management system.
9. The method of claim 8, further comprising: configuring a pre-determined set of security controls for the cloud service.
10. The method of claim 9, further comprising: using the directed graph to adjust the set of security controls.
11. The method of claim 8, further comprising: configuring a pre-determined set of security policies for the tenant.
12. The method of claim 11, further comprising: using the directed graph to adjust the set of security policies.
13. A system comprising: one or more processors; and one or more memory devices comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: obtaining activity data from a service provider system, wherein the activity data describes actions performed during use of a cloud service, wherein the actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the cloud service; determining, from the activity data, actions performed by a particular user; and generating, using the actions, a directed graph, wherein each node in the directed graph represents an action performed by the particular user, and wherein each connection between two nodes represents a sequence in performance of actions represented by the two nodes.
14. The system of claim 13, wherein weights assigned to each node indicate a number of times the corresponding actions represented by the nodes were performed.
15. The system of claim 13, wherein a weight assigned to each connection between two nodes indicates a number of times a first action represented by a first node from the two nodes preceded a second action represented by a second node from the two nodes.
16. The system of claim 13, wherein each node is associated with a set of contextual parameters that are associated with the action represented by the node.
17. A non-transitory computer-readable medium comprising instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising: obtaining activity data from a service provider system, wherein the activity data describes actions performed during use of a cloud service, wherein the actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the cloud service; determining, from the activity data, actions performed by a particular user; and generating, using the actions, a directed graph, wherein each node in the directed graph represents an action performed by the particular user, and wherein each connection between two nodes represents a sequence in performance of actions represented by the two nodes.
18. The non-transitory computer-readable medium of claim 17, wherein weights assigned to each node indicate a number of times the corresponding actions represented by the nodes were performed.
19. The non-transitory computer-readable medium of claim 17, wherein a weight assigned to each connection between two nodes indicates a number of times a first action represented by a first node from the two nodes preceded a second action represented by a second node from the two nodes.
20. The non-transitory computer-readable medium of claim 17, wherein each node is associated with a set of contextual parameters that are associated with the action represented by the node.
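The per-user action graph of claim 1, its node and edge weights (claims 5 and 6), its contextual parameters (claim 7), the anomaly mapping of claim 4 and the alert review of claims 2 and 3, as an added worked example in Python. This is illustrative code written for this page, not code from the patent, its assignee or any product. The activity records, user names, action names, parameter keys and the control name are constructed. The rule that an event "corresponds to" the graph when its action, each of its parameter values and its immediate predecessor have all been seen before for that user is an assumption about how the matching step would be implemented; the claims do not specify it.

```python
"""Per-user weighted action graph over cloud activity (added example, not the patent's code)."""
from collections import defaultdict

# Constructed activity data, in the order the service provider reported it.
# Each record: user, action performed, and the action's contextual parameters.
ACTIVITY = [
    {"user": "alice", "action": "login", "params": {"ip": "corp"}},
    {"user": "alice", "action": "list_buckets", "params": {"ip": "corp"}},
    {"user": "alice", "action": "download", "params": {"ip": "corp", "bucket": "reports"}},
    {"user": "alice", "action": "logout", "params": {"ip": "corp"}},
    {"user": "alice", "action": "login", "params": {"ip": "corp"}},
    {"user": "alice", "action": "list_buckets", "params": {"ip": "corp"}},
    {"user": "alice", "action": "logout", "params": {"ip": "corp"}},
    {"user": "bob", "action": "login", "params": {"ip": "corp"}},
    {"user": "bob", "action": "create_user", "params": {"ip": "corp"}},
    {"user": "bob", "action": "logout", "params": {"ip": "corp"}},
]


class ActionGraph:
    """Weighted directed graph of one user's actions.

    node_weight[a]      -> times action a was performed (claim 5)
    edge_weight[(a, b)] -> times a immediately preceded b (claim 6)
    context[a][k]       -> parameter values seen for key k on action a (claim 7)
    """

    def __init__(self):
        self.node_weight = defaultdict(int)
        self.edge_weight = defaultdict(int)
        self.context = defaultdict(lambda: defaultdict(set))

    def add(self, action, params, prev=None):
        self.node_weight[action] += 1
        for key, value in params.items():
            self.context[action][key].add(value)
        if prev is not None:
            self.edge_weight[(prev, action)] += 1

    def matches(self, action, params, prev=None):
        """Assumed matching rule: action, predecessor and every parameter value seen before."""
        if action not in self.node_weight:
            return False
        if prev is not None and (prev, action) not in self.edge_weight:
            return False
        return all(v in self.context[action][k] for k, v in params.items())


def build_graphs(activity):
    """Split the tenant's activity by user and build one graph per user (claim 1)."""
    graphs = defaultdict(ActionGraph)
    last_action = {}
    for ev in activity:
        user = ev["user"]
        graphs[user].add(ev["action"], ev["params"], last_action.get(user))
        last_action[user] = ev["action"]
    return dict(graphs)


def find_anomalies(graph, events):
    """Map new activity onto the graph and report what the graph does not cover (claim 4)."""
    anomalies = []
    prev = None
    for ev in events:
        action, params = ev["action"], ev["params"]
        if action not in graph.node_weight:
            anomalies.append(("unseen_action", action))
        else:
            for key, value in params.items():
                if value not in graph.context[action][key]:
                    anomalies.append(("unseen_context", action, key, value))
        if prev is not None and (prev, action) not in graph.edge_weight:
            anomalies.append(("unseen_transition", prev, action))
        prev = action
    return anomalies


def review_alert(graph, control, event, prev=None):
    """Claims 2 and 3: an alert whose triggering event is ordinary for this user
    yields a recommendation to revisit the control; otherwise the alert stands."""
    if graph.matches(event["action"], event["params"], prev):
        return ("recommend_modify", control)
    return ("alert_stands", control)


if __name__ == "__main__":
    graphs = build_graphs(ACTIVITY)
    new_activity = [  # constructed follow-up activity for alice
        {"action": "login", "params": {"ip": "corp"}},
        {"action": "download", "params": {"ip": "vpn", "bucket": "reports"}},
        {"action": "delete_bucket", "params": {"ip": "corp"}},
        {"action": "logout", "params": {"ip": "corp"}},
    ]
    for anomaly in find_anomalies(graphs["alice"], new_activity):
        print(anomaly)
    tripped = {"action": "download", "params": {"ip": "corp", "bucket": "reports"}}
    print(review_alert(graphs["alice"], "bulk-download-control", tripped, prev="list_buckets"))
```

Two caveats a practitioner would add before using something like this to tune controls. The match test above is presence-based: a single prior occurrence is enough to make an event "correspond to" the graph, so a compromised account that has already performed an action once would have that action recommended as acceptable; the edge and node weights the claims record are the natural place to put a minimum-count threshold. And the graph only tracks immediate predecessors, so an ordinary action reached through an unusual longer path (login, download, download, download) looks normal at each step; sequences of more than two actions need a higher-order graph or a window over recent actions.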
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
for graphical visualisation of monitoring data · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Electricity · mapped topic