CPC G06F 21/316 (2013.01) [G06F 21/552 (2013.01); G06F 2221/2101 (2013.01)]
20 Claims
1. A method by one or more computing devices to detect anomalous accesses to a system, the method comprising:
generating a technical maturity profile of a system user based on analyzing historical commands submitted by the system user to the system; and
determining whether an access by the system user to the system is anomalous based on determining technical maturity attributes of a command submitted by the system user to perform the access, comparing the technical maturity attributes of the command to the technical maturity profile of the system user, and determining whether the access involves copying of commands, wherein a determination that the access involves copying of commands reduces a likelihood that the access is determined to be anomalous to reduce false positives.