Systems and user interfaces for dynamic and interactive investigation of bad actor behavior based on automatic clustering of related data in various data structures

US10447712B2 · US · B2

Patent metadata
Publication number: US-10447712-B2
Application number: US-201715449042-A
Country: US
Kind code: B2
Filing date: Mar 3, 2017
Priority date: Dec 22, 2014
Publication date: Oct 15, 2019
Grant date: Oct 15, 2019

Abstract

Official abstract text for this publication.

Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, automatically tag and group those clustered data structures, and provide results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a tiled display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer system configured to provide a dynamic user interface relating to visualization of alerts of malicious network activity, the computer system comprising: one or more electronic data structures configured to store a plurality of clusters of data items, wherein each cluster of data items represents a group of related malicious network activities; and one or more hardware computer processors configured to execute software code to cause the computer system to: access the plurality of clusters of data items from the one or more electronic data structures; analyze the plurality of clusters of data items to determine, for each cluster of the plurality of clusters, respective types of malicious network activity associated with the clusters of data items; group, into a plurality of groups of clusters, the plurality of clusters of data items such that each group of clusters of the plurality of groups of clusters comprises clusters of data items associated with respective same types of malicious network activity; and provide a dynamic graphical user interface including a plurality of tiles each representing a different one of the plurality of groups of clusters, wherein each of the respective tiles includes at least: respective indications of the types of malicious network activity associated with the respective tiles; and respective numbers of data clusters included in the groups of clusters associated with the respective tiles representing the types of malicious network activity.

2. The computer system of claim 1, wherein the one or more hardware computer processors are further configured to execute software code to cause the computer system to: further analyze the plurality of clusters of data items to determine respective numbers of clusters of the plurality of clusters having each of a plurality of types of malicious network activity.

3. The computer system of claim 1, wherein each of the respective tiles further includes: respective time-based graphs showing events associated with data clusters of the respective groups of clusters associated with the respective tiles.

4. The computer system of claim 3, wherein the one or more hardware computer processors are further configured to execute software code to cause the computer system to: in response to selection of a tile of the plurality of tiles, update the graphical user interface such that the time-based graph associated with the selected tile is resized to be larger and comprise a greater portion of the graphical user interface.

5. The computer system of claim 3, wherein each of the respective tiles further includes: respective indications of numbers of critical malicious network activities associated with the respective tiles.

6. The computer system of claim 5, wherein the plurality of tiles are spatially organized in the graphical user interface according to the numbers of critical malicious network activities associated with the respective tiles.

7. The computer system of claim 5, wherein the plurality of tiles are each colored to indicate the respective numbers of critical malicious network activities associated with the respective tiles.

8. The computer system of claim 1, wherein the one or more hardware computer processors are further configured to execute software code to cause the computer system to: determine a change to a data item of a cluster of the plurality of clusters; and at least one of: re-analyze the plurality of clusters to determine respective types of malicious network activity associated with the clusters of data items, or re-group the plurality of clusters of data items into a plurality of groups of clusters.

9. A computer system configured to provide a dynamic user interface relating to visualization of alerts of malicious activity, the computer system comprising: one or more electronic data structures configured to store a plurality of clusters of data items, wherein each cluster of data items represents a group of related malicious activities; and one or more hardware computer processors configured to execute software code to cause the computer system to: access the plurality of clusters of data items from the one or more electronic data structures; analyze the plurality of clusters of data items to determine, for each of the clusters, respective one or more attribute values associated with the respective clusters of data items; provide a dynamic user interface configured to include at least indications of a plurality of types of attributes; and in response to a user input selecting a first type of attribute, update the dynamic user interface to include at least: indications of a first one or more attribute values associated with the first type of attribute, wherein each of the first one or more attribute values is indicated along with a corresponding graphical tile in the dynamic user interface; and for each of the first one or more attribute values, and overlaid on the respective graphical tiles, respective numbers of data clusters associated with the respective one or more attribute values.

10. The computer system of claim 9, wherein the one or more hardware computer processors are further configured to execute software code to cause the computer system to: in response to a user input selecting a second type of attribute, update the dynamic user interface to include at least: indications of a second one or more attribute values associated with the second type of attribute, wherein each of the second one or more attribute values is indicated along with a corresponding graphical tile in the dynamic user interface; and for each of the second one or more attribute values, and overlaid on the respective graphical tiles, respective numbers of data clusters associated with the respective one or more attribute values.

11. The computer system of claim 9, wherein each of the respective graphical tiles is further overlaid with: respective time-based graphs showing events associated with data clusters associated with the respective one or more attribute values represented by the respective graphical tiles.

12. The computer system of claim 11, wherein the one or more hardware computer processors are further configured to execute software code to cause the computer system to: in response to selection of a graphical tile of the plurality of tiles, update the dynamic user interface such that the time-based graph associated with the selected graphical tile is resized to be larger and comprise a greater portion of the dynamic user interface.

13. The computer system of claim 11, wherein each of the respective graphical tiles is further overlaid with: respective indications of numbers of critical malicious activities associated with data clusters associated the respective tiles.

14. A computer system configured to provide a dynamic user interface relating to visualization of alerts of malicious network activity, the computer system comprising: one or more electronic data structures configured to store a plurality of clusters of data items, wherein each cluster of data items represents a group of related malicious network activities; and one or more hardware computer processors configured to execute software code to cause the computer system to: access the plurality of clusters of data items from the one or more electronic data structures; analyze the plurality of clusters of data items to determine, for each cluster of the plurality of clusters: respective types of malicious network activity associated with the clusters of data items, and respective criticalities of the malicious netwo

Classifications

  • Event detection, e.g. attack signature detection · CPC title

  • G06Q40/00 (Primary)

    Finance; Insurance; Tax strategies; Processing of corporate or income taxes · CPC title

  • Clustering techniques · CPC title

  • Software arrangements specially adapted for pattern recognition, e.g. user interfaces or toolboxes therefor · CPC title

  • Browsing; Visualisation therefor (browsing or visualisation for clustering or classification G06F16/358) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Palantir Technologies Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date Oct 15, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).