Microsoft Corporation
MULTI-FACTOR ILLICIT ENUMERATION DETECTION

Abstract:

Techniques are described herein that are capable of using multiple factors to detect illicit enumeration. Object requests are parsed among request types such that each request type includes object request(s) that share a respective common attribute. Each object request requests information about an object. Scores are generated for the respective request types such that the score for each request type is based at least in part on a count of the object request(s) in the respective request type. The scores for the respective request types are aggregated to provide a malicious activity score that represents a likelihood that the illicit enumeration has occurred. The malicious activity score is compared to a score threshold. A remedial operation is selectively performed with regard to the illicit enumeration based at least in part on whether the malicious activity score is greater than or equal to the score threshold.