Microsoft Corporation
Protecting storage by detecting unrecommended access

Abstract:

Described technologies enhance cybersecurity by leveraging collaborative filtering tools and techniques for security use by scoring attempts to access items in digital storage. Examples provided illustrate usage of accessor IDs and storage item IDs to compute recommendation scores which then operate as inverse measures of intrusion risk. Actions taken in response to recommendation scores that fall below a specified threshold may include preventing or terminating access, or alerting an administrator, for instance. A requested access may be allowed when the computed recommendation score is above a specified threshold, which indicates an acceptably low risk that the access is an unauthorized intrusion. Described cybersecurity technologies may be used by, or incorporated within, cloud services, cloud infrastructure, or virtual machines. Described cybersecurity technologies may also be used outside a cloud, e.g., on individual servers or on server clusters or on storage area networks that are not necessarily part of a cloud.