US10412099B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10412099-B2 |
| Application number | US-201615189500-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 22, 2016 |
| Priority date | Jun 22, 2016 |
| Publication date | Sep 10, 2019 |
| Grant date | Sep 10, 2019 |
Official abstract text for this publication.
Various systems, mediums, and methods may involve a data engine with various components. For example, a system with the data engine may include a segmentation component, an asset preparation component, a clustering component, a variable generation component, and classification component. As such, the system may determine a number of assets associated with a number of activities of one or more accounts. Further, the system may determine various links associated with the number of assets. As such, the system may detect an attack and/or an attack trend associated with the one or more accounts based on the various links associated with the number of assets. Further, the system may generate a notification that indicates the attack and/or the attack trend detected.
Opening claim text (preview).
The invention claimed is:

1. A system, comprising: a non-transitory memory; and one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: accessing electronic transaction activities segmented into a first plurality of electronic transaction activities and a second plurality of electronic transaction activities based on a time at which each of the electronic transaction activities was performed, wherein the first plurality of electronic transaction activities were performed within a first time period and the second plurality of electronic transaction activities were performed within a second time period; determining that a first electronic transaction activity and a second electronic transaction activity from the first plurality of electronic transaction activities share a first common attribute of a first attribute type; determining that a third electronic transaction activity and a fourth electronic transaction activity from the second plurality of electronic transaction activities share a second common attribute of a second attribute type different from the first attribute type; determining one or more relationships between the first common attribute and the second common attribute; accessing a first weight, assigned to the first common attribute, representing a probability of the first common attribute being associated with the one or more user funding accounts; accessing a second weight, assigned to the second common attribute, representing a probability of the second common attribute being associated with the one or more user funding accounts; detecting an attack trend associated with the one or more user funding accounts based at least on the one or more relationships and a difference between the first weight and the second weight being larger than a predetermined threshold; and generating a notification that indicates the attack trend detected.

2. The system of claim 1, wherein the first common attribute comprises website data stored in a browser of a user device with access to the one or more user funding accounts, wherein the second common attribute comprises a network address associated with the user device, and wherein determining the one or more relationships comprises determining that the website data corresponds to the IP network address.

3. The system of claim 1, wherein the first common attribute comprises first data that indicates a network address associated with the first and second electronic transaction activities, wherein the second common attribute comprises second data that indicates a physical location associated with the third and fourth electronic transaction activities, and wherein determining the one or more relationships comprises determining that the network address corresponds to the physical location.

4. The system of claim 1, wherein the operations further comprise: detecting one or more repeated actions associated with the one or more user funding accounts performed within the second time period, wherein the attack trend is detected further based on the one or more repeated actions.

5. The system of claim 1, wherein the first common attribute is clustered with the second common attribute based at least on the one or more relationships.

6. The system of claim 1, wherein the operations further comprise: determining one or more expected tracks associated with the detected attack trend; detecting an attempt to remove the one or more expected tracks during an attack; and generating a second notification indicating the detected attempt to remove the one or more expected tracks.

7. The system of claim 1, wherein the operations further comprise: determining a probability of the first plurality of electronic transaction activities and the second plurality of electronic transaction activities comprising one or more fraudulent activities; and adjusting the first and second weights based at least on the probability.

8. The system of claim 1, wherein the operations further comprise: determining a first frequency that electronic transaction activities associated with the first common attribute from the first plurality of electronic transaction activities are performed during the first time period; and determining a second frequency that electronic transaction activities associated with the second common attribute from the second plurality of electronic transaction activities are performed during the second time period, wherein the attack trend is detected further based on the first and second frequencies.

9. The system of claim 1, wherein the first plurality of electronic transaction activities and the second plurality of electronic transaction activities indicate a number of user funding accounts being created over the first and second time periods, wherein the operations further comprise: determining that the number of user funding accounts being created over the first and second time periods is above an estimated number by a threshold, wherein the attack trend is detected further based on the probability being below the threshold probability.

10. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising: accessing electronic transaction activities segmented into a first plurality of electronic transaction activities and a second plurality of electronic transaction activities based on a time at which each of the electronic transaction activities was performed, wherein the first plurality of electronic transaction activities were performed within a first time period and the second plurality of electronic transaction activities were performed within a second time period; determining that a first electronic transaction activity and a second electronic transaction activity from the first plurality of electronic transaction activities share a first common attribute of a first attribute type; determining that a third electronic transaction activity and a fourth electronic transaction activity from the second plurality of electronic transaction activities share a second common attribute of a second attribute type different from the first attribute type; accessing a first weight, assigned to the first common attribute, indicating a probability that the first common attribute is associated with one or more funding accounts; accessing a second weight, assigned to the second asset, indicating a probability that the second common attribute is associated with the one or more user funding accounts; predicting a scalable attack associated with the one or more user funding accounts based at least on a difference between the first and second weights being larger than a predetermined threshold; and generating a notification that indicates the scalable attack detected.

11. The non-transitory machine-readable medium of claim 10, wherein the operations further comprise: determining one or more expected tracks associated with the predicted scalable attack, wherein the one or more expected tracks are associated with at least one of the first common attribute or the second common attribute; detecting an attempt to remove the one or more expected tracks during the scalable attack; and generating a second notification indicating the detected attempt to remove the one or more expected tracks.

12. The non-transitory machine-readable medium of claim 10, wherein the operations further comprise: determining a probability of the first plurality of electronic transaction activities and the
Probabilistic graphical models, e.g. probabilistic networks · CPC title
Event detection, e.g. attack signature detection · CPC title
Traffic logging, e.g. anomaly detection · CPC title
using kernel methods, e.g. support vector machines [SVM] · CPC title
wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title