System security configurations based on assets associated with activities

US11038903B2 · US · B2

Patent metadata
Publication number: US-11038903-B2
Application number: US-201916566746-A
Country: US
Kind code: B2
Filing date: Sep 10, 2019
Priority date: Jun 22, 2016
Publication date: Jun 15, 2021
Grant date: Jun 15, 2021

Abstract

Official abstract text for this publication.

Various systems, mediums, and methods may involve a data engine with various components. For example, a system with the data engine may include a segmentation component, an asset preparation component, a clustering component, a variable generation component, and a classification component. As such, the system may determine a number of assets associated with a number of activities of one or more accounts. Further, the system may determine various links associated with the number of assets. As such, the system may detect an attack and/or an attack trend associated with the one or more accounts based on the various links associated with the number of assets. Further, the system may generate a notification that indicates the attack and/or the attack trend detected.

First claim

Opening claim text (preview).

The invention claimed is:

1. A system, comprising: a non-transitory memory; and one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: identifying a first plurality of online transactions associated with a service provider based on a first attribute shared among the first plurality of online transactions, wherein the first attribute comprises a transaction address associated with the first plurality of online transactions; identifying a second plurality of online transactions associated with the service provider based on a second attribute shared among the second plurality of online transactions, wherein the second attribute comprises a device location of devices used to conduct the second plurality of online transactions; determining a relationship between the first attribute and the second attribute; generating a cluster of online transactions comprising the first plurality of online transactions and the second plurality of online transactions based on the determined relationship between the first attribute and the second attribute; analyzing the cluster of online transactions based on at least a third attribute that is not shared among the first plurality of online transactions; and detecting a network attack trend against the service provider based on the analyzing.

2. The system of claim 1, wherein the analyzing the cluster of online transactions comprises determining a frequency of the online transactions within the cluster over a time period.

3. The system of claim 1, wherein the cluster of online transactions is analyzed using a machine learning model.

4. The system of claim 1, wherein the operations further comprise: determining a pattern associated with the third attribute based on the online transactions within the cluster; and determining that the pattern matches a predetermined pattern associated with a network attack.

5. The system of claim 1, wherein the operations further comprise: identifying one or more user accounts with the service provider associated with the online transactions within the cluster; and performing an action to the one or more user accounts based on the detected network attack trend.

6. The system of claim 1, wherein the cluster comprises a first plurality of connections that links the first plurality of online transactions with each other based on the first attribute, a second plurality of connections that links the second plurality of online transactions with each other based on the second attribute, and a third connection that links the first attribute with the second attribute based on the determined relationship.

7. The system of claim 6, wherein the analyzing the cluster comprises analyzing an architecture of the cluster based on the first plurality of connections, the second plurality of connections, and the third connection.

8. The system of claim 1, wherein the transaction address comprises at least one of a shipping address, a billing address, or a merchant address.

9. A method comprising: accessing, by one or more hardware processors, a set of online transactions associated with a service provider; determining, by the one or more hardware processors, a first attribute shared among a first subset of online transactions from the set of online transactions, wherein the first attribute comprises browser data associated with browser applications of devices used to conduct the first subset of online transactions; determining, by the one or more hardware processors, a second attribute shared among a second subset of online transactions from the set of online transactions, wherein the second attribute comprises network addresses associated with devices used to conduct the second subset of online transactions; determining, by the one or more hardware processors, a relationship between the first attribute and the second attribute; generating, by the one or more hardware processors, a cluster of online transactions that includes the first subset of online transactions and the second subset of online transactions based on the determined relationship between the first attribute and the second attribute; analyzing, by the one or more hardware processors, the cluster of online transactions based on an architecture of the cluster; detecting, by the one or more hardware processors, a network attack trend against the service provider based on the analyzing; determining an action to take based on the network attack trend; and performing the action on one or more accounts with the service provider.

10. The method of claim 9, wherein the cluster comprises a first plurality of connections that links the first subset of online transactions with each other based on the first attribute, a second plurality of connections that links the second subset of online transactions with each other based on the second attribute, and a third connection that links the first attribute with the second attribute based on the determined relationship.

11. The method of claim 10, wherein the analyzing the cluster of network activities based on the architecture of the cluster comprises analyzing the first plurality of connections, the second plurality of connections, and the third connection of the cluster.

12. The method of claim 9, further comprising classifying the cluster based on a characteristic of the cluster.

13. The method of claim 12, wherein the characteristic comprises at least one of a number of online transactions, a number of different attributes shared among different groups of online transactions within the cluster, a frequency of online transactions within a time period, or an average weight calculated based on weights assigned to at least the first attribute and the second attribute.

14. The method of claim 9, further comprising: determining a pattern associated based on the online transactions within the cluster; and determining that the pattern matches a predetermined pattern associated with a network attack.

15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising: determining, from a plurality of attributes associated with a plurality of online transactions, that a first attribute is related to a second attribute, wherein the first attribute comprises a transaction address associated with the plurality of online transactions, and wherein the second attribute comprises a device location of devices used to conduct the plurality of online transactions; in response to determining that the first attribute is related to the second attribute, identifying a first subset of online transactions from the plurality of online transactions associated with the first attribute and a second subset of online transactions from the plurality of online transactions associated with the second attribute; generating a cluster of online transactions comprising the first and second subsets of online transactions; classifying the cluster based at least on a characteristic of the cluster; detecting a network attack trend against the service provider based on the classifying; and determining an action to take based on the network attack trend.

16. The non-transitory machine-readable medium of claim 15, wherein the operations further comprise: determining, from the plurality of attributes, that a third attribute is related to at least one of the first attribute or the second attribute; and in response to determining that
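The linking, clustering and cluster characteristics described in claims 1, 6 and 13 can be sketched as follows. This is an added example, not code from the patent or its assignee; the sample transactions, the field names (`ship_addr`, `device_loc`, `account`), the `RELATED` pair and the flagging thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sample transactions (illustrative, not data from the patent).
TXNS = [
    {"id": "t1", "ts": 0, "ship_addr": "12 Elm St", "device_loc": "geo:A", "account": "u1"},
    {"id": "t2", "ts": 60, "ship_addr": "12 Elm St", "device_loc": "geo:B", "account": "u2"},
    {"id": "t3", "ts": 120, "ship_addr": "9 Oak Ave", "device_loc": "geo:C", "account": "u3"},
    {"id": "t4", "ts": 180, "ship_addr": "7 Pine Rd", "device_loc": "geo:C", "account": "u4"},
    {"id": "t5", "ts": 9000, "ship_addr": "3 Fir Ln", "device_loc": "geo:Z", "account": "u5"},
]
# Assumed relationship between one address value and one device-location value.
RELATED = [(("ship_addr", "12 Elm St"), ("device_loc", "geo:C"))]
ATTRS = ("ship_addr", "device_loc")

def find(parent, x):
    """Union-find root lookup with path halving."""
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def build_clusters(txns, related):
    """Link each transaction to its attribute values, then link related values."""
    parent = {}
    edges = [(("txn", t["id"]), (a, t[a])) for t in txns for a in ATTRS]
    for left, right in edges + list(related):
        parent[find(parent, left)] = find(parent, right)
    groups = defaultdict(list)
    for t in txns:
        groups[find(parent, ("txn", t["id"]))].append(t)
    return sorted(groups.values(), key=len, reverse=True)

def characteristics(cluster):
    """Size, shared attribute values, rate, and spread of the unshared attribute."""
    ts = [t["ts"] for t in cluster]
    span = (max(ts) - min(ts)) or 1  # seconds; avoid dividing by zero
    shared = set()
    for a in ATTRS:
        counts = defaultdict(int)
        for t in cluster:
            counts[t[a]] += 1
        shared |= {(a, v) for v, n in counts.items() if n > 1}
    return {"transactions": len(cluster), "shared_attributes": len(shared),
            "per_minute": round(len(cluster) * 60 / span, 2),
            "distinct_accounts": len({t["account"] for t in cluster})}

def flag(cluster, min_txns=4, min_rate=1.0):
    """Assumed rule: many accounts converging on linked assets at a high rate."""
    c = characteristics(cluster)
    return (c["transactions"] >= min_txns and c["per_minute"] >= min_rate
            and c["distinct_accounts"] >= min_txns)
```

Without the `RELATED` pair the same data yields two separate two-transaction groups, neither of which reaches the size threshold; the attribute-to-attribute link is what merges them into one cluster.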

Classifications

  • Probabilistic graphical models, e.g. probabilistic networks

  • Traffic logging, e.g. anomaly detection

  • Event detection, e.g. attack signature detection

  • using kernel methods, e.g. support vector machines [SVM]

  • service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11038903B2 cover?
Various systems, mediums, and methods may involve a data engine with various components. For example, a system with the data engine may include a segmentation component, an asset preparation component, a clustering component, a variable generation component, and classification component. As such, the system may determine a number of assets associated with a number of activities of one or more a…
Who is the assignee on this patent?
Paypal Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 15, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).