US Patent 10574679 Identifying a security threat to a web-based resource

Access logs associated with user requests for a web-based resource are monitored. Parameter(s) that index records of the web-based resource are identified. A baseline distribution(s) of values of the parameter(s) are generated and, based on the baseline distribution(s), a baseline entropy of the parameter(s) is calculated. A distribution(s) of values of the parameters associated with user requests made by a particular user is generated and, based on the distribution(s), an entropy of the parameter(s) associated with the user requests is calculated. The entropy is compared to the baseline entropy. If a difference between the baseline entropy and the entropy exceeds a threshold, it is determined that the particular user poses a security threat to the web-based resource.