spawn_access_control/
behavioral.rsuse chrono::{DateTime, Utc, Timelike};
use std::collections::HashMap;
use serde::Serialize;
#[derive(Debug, Clone, Serialize)]
pub struct AccessEvent {
pub user_id: String,
pub timestamp: DateTime<Utc>,
pub action: String,
pub resource: String,
pub success: bool,
pub duration: std::time::Duration,
}
#[derive(Debug, Clone, Serialize)]
pub struct AccessPattern {
pub pattern_type: PatternType,
pub confidence: f64,
pub occurrences: u32,
pub first_seen: DateTime<Utc>,
pub last_seen: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize)]
pub enum PatternType {
TimeOfDay,
ResourceSequence,
FailurePattern,
BulkAccess,
}
impl AccessPattern {
pub fn new(pattern_type: PatternType, confidence: f64) -> Self {
Self {
pattern_type,
confidence,
occurrences: 1,
first_seen: Utc::now(),
last_seen: Utc::now(),
}
}
}
pub struct BehaviorAnalyzer {
#[allow(dead_code)]
patterns: HashMap<String, Vec<AccessPattern>>,
}
impl BehaviorAnalyzer {
pub fn new() -> Self {
Self {
patterns: HashMap::new(),
}
}
pub fn analyze_time_patterns(&self, events: &[AccessEvent]) -> Vec<AccessPattern> {
let mut hour_counts = vec![0; 24];
let patterns = Vec::new();
for event in events {
let hour = event.timestamp.hour() as usize;
hour_counts[hour] += 1;
}
let mut _max_hour = 0; let mut max_count = 0;
for (hour, &count) in hour_counts.iter().enumerate() {
if count > max_count {
max_count = count;
_max_hour = hour; }
}
patterns
}
}