Few weeks back I went to attend Oracle Openworld in San Francisco and while I was on the demo grounds to see what oracle has to offer in the Identity and Access Control I met one product group which is building a "Adaptive Access Control" product.
This product builds the intelligence based on your previous access controls and compare them on next logon. This can be configured to make the metrics over a predefined period of time and freeze the statistics for next access requests.
For example if you are accessing the system between 8AM and 5PM on a daily basis and one day it gets the request at 10PM then it will deny the access.
This seems a good idea to me except for the reason that how long it takes to capture the metrics and how it handles the exceptions.
Another scenario could be that you access the system from North America reason and one day it sees the request from India then it has a valid reason to suspect the request.