spawn_access_control/
behavioral.rs1use chrono::{DateTime, Utc, Timelike};
2use std::collections::HashMap;
3use serde::Serialize;
4
5#[derive(Debug, Clone, Serialize)]
6pub struct AccessEvent {
7 pub user_id: String,
8 pub timestamp: DateTime<Utc>,
9 pub action: String,
10 pub resource: String,
11 pub success: bool,
12 pub duration: std::time::Duration,
13}
14
15#[derive(Debug, Clone, Serialize)]
16pub struct AccessPattern {
17 pub pattern_type: PatternType,
18 pub confidence: f64,
19 pub occurrences: u32,
20 pub first_seen: DateTime<Utc>,
21 pub last_seen: DateTime<Utc>,
22}
23
24#[derive(Debug, Clone, Serialize)]
25pub enum PatternType {
26 TimeOfDay,
27 ResourceSequence,
28 FailurePattern,
29 BulkAccess,
30}
31
32impl AccessPattern {
33 pub fn new(pattern_type: PatternType, confidence: f64) -> Self {
34 Self {
35 pattern_type,
36 confidence,
37 occurrences: 1,
38 first_seen: Utc::now(),
39 last_seen: Utc::now(),
40 }
41 }
42}
43
44pub struct BehaviorAnalyzer {
45 #[allow(dead_code)]
46 patterns: HashMap<String, Vec<AccessPattern>>,
47}
48
49impl BehaviorAnalyzer {
50 pub fn new() -> Self {
51 Self {
52 patterns: HashMap::new(),
53 }
54 }
55
56 pub fn analyze_time_patterns(&self, events: &[AccessEvent]) -> Vec<AccessPattern> {
57 let mut hour_counts = vec![0; 24];
58 let patterns = Vec::new();
59
60 for event in events {
61 let hour = event.timestamp.hour() as usize;
62 hour_counts[hour] += 1;
63 }
64
65 let mut _max_hour = 0; let mut max_count = 0;
67
68 for (hour, &count) in hour_counts.iter().enumerate() {
69 if count > max_count {
70 max_count = count;
71 _max_hour = hour; }
73 }
74
75 patterns
77 }
78}