Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security
US-2018025157-A1 · Jan 25, 2018 · US
Tree pathway analysis for signature inference
US11093845B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11093845-B2 |
| Application number | US-201514720623-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 22, 2015 |
| Priority date | May 22, 2015 |
| Publication date | Aug 17, 2021 |
| Grant date | Aug 17, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method for detecting fraud and non-fraud pattern changes can be based on transaction pathway transversal analysis. A decision tree can be built based on a training dataset from a reference dataset. Pathway transversal information can be recorded along each pathway for the reference dataset. A first mean and a first variance of a class probability can be calculated of all samples over each pathway. A pathway distribution for a new transaction dataset under investigation and a second mean and a second variance of all samples of the new transaction dataset can be obtained. The second mean and the second variance can represent a fraud probability. The deviation metrics between one or more feature statistics of a feature along each pathway for the reference dataset and the new dataset can be determined on a local level. Feature contributors to pattern changes can be determined by analyzing the deviation metrics.
First claim
Opening claim text (preview).
What is claimed is: 1. A method of fraud-detection that detects one or more fraud pattern changes in one or more transactions using machine learning, the method comprising: building, by at least one processor, a decision tree based on a training dataset from a reference dataset; recording, by the at least one processor, pathway transversal information along one or more pathways traversed in the decision tree for the reference dataset; calculating, by the at least one processor, a first mean and a first variance of a class probability of one or more samples over the one or more pathways; obtaining, by the at least one processor, a pathway distribution for a new transaction dataset under investigation and a second mean and a second variance of the one or more samples of the new transaction dataset, the second mean and the second variance being representatives of a fraud probability; retrieving, by the at least one processor, a first pathway density distribution for the reference dataset along at least a first pathway from among the one or more pathways traversed in the decision tree; generating, by the at least one processor, a second pathway density distribution for the new transaction dataset along at least a second pathway from among the one or more pathways traversed in the decision tree; determining, by the at least one processor, deviation metrics between the first pathway density distribution and the second pathway density distribution on a global level; determining, by the at least one processor, the deviation metrics between the first pathway density distribution and the second pathway density distribution on a local level; determining, by the at least one processor, the deviation metrics between one or more feature statistics of a feature along at least one pathway for the reference dataset and at least one pathway for the new transaction dataset on the local level; and analyzing, by the at least one processor, the deviation metrics obtained from one or more pathway density distributions on the global level or one or more pathway density distributions on the local level that detects one or more feature contributors to one or more pattern changes, the one or more pattern changes being indicative of the new transaction exhibiting anomalous behavior; where the determining the deviation metrics on the global level includes one or more of the following: calculating, by the at least one processor, a deviation between the first pathway density distribution and the second pathway density distribution; calculating, by the at least one processor, a correlation between the first pathway density distribution and the second pathway density distribution; and calculating, by the at least one processor, a Kullback-Leibler distance based on information entropy between the first pathway density distribution and the second pathway density distribution; determining, by the at least one processor, a weighted average of the deviation, the correlation, and the Kullback-Leibler distance; generating, by the at least one processor, one or more results representative of a difference between the new transaction dataset and the reference dataset on the global level using at least the weighted average; generating, by the at least one processor, an alert if the weighted average exceeds a predetermined threshold; and where the one or more feature contributors is detected based on a sample density distribution, the detecting comprising: obtaining, by the at least one processor, one or more sample densities at one or more nodes on the first pathway for the reference dataset; obtaining, by the at least one processor, one or more sample densities at one or more nodes on the second pathway for the new dataset; calculating, by the at least one processor, a sample density slope between adjacent nodes on the first pathway and the second pathway; determining, by the at least one processor, a maximum slope difference between the reference dataset and the new transaction dataset; and compiling, by the at least one processor, a list of the one or more features associated with the maximum slope difference. 2. The method of claim 1 , where the first pathway density distribution and the second pathway density distribution are representative of a pathway transversal density along the first pathway and the second pathway, the pathway transversal density being normalized by a total number of samples. 3. The method of claim 1 , where the one or more feature contributors is detected based on one or more feature statistics at one or more nodes, the detecting comprising: obtaining, by the at least one processor, one or more data samples at one or more nodes on the first pathway for the reference dataset; obtaining, by the at least one processor, one or more data samples at one or more nodes on the second pathway for the new transaction dataset; calculating, by the at least one processor, one or more statistics of the data samples at the one or more nodes on the first pathway and at the one or more nodes on the second pathway; finding, by the at least one processor, a difference in statistics between the reference dataset and the new transaction dataset; and compiling, by the at least one processor, a list of the one or more features associated with the difference. 4. A non-transitory computer-readable medium containing instructions that configure a processor to perform operations that detects one or more fraud pattern changes in one or more transactions using machine learning, the operations comprising: building a decision tree based on a training dataset from a reference dataset; recording pathway transversal information along one or more pathways traversed in the decision tree for the reference dataset; calculating a first mean and a first variance of a class probability of one or more samples over the one or more pathways; obtaining a pathway distribution for a new transaction dataset under investigation a second mean and a second variance of the one or more samples of the new transaction dataset, the second mean and the second variance being representatives of a fraud probability; retrieving a first pathway density distribution for the reference dataset along at least a first pathway from among the one or more pathways traversed in the decision tree; generating a second pathway density distribution for the new transaction dataset along at least a second pathway from among the one or more pathways traversed in the decision tree; determining deviation metrics between the first pathway density distribution and the second pathway density distribution on a global level; determining the deviation metrics between the first pathway density distribution and the second pathway density distribution on a local level; determining the deviation metrics between one or more feature statistics of a feature along at least one pathway for the reference dataset and at least one pathway for the new transaction dataset on the local level; and analyzing the deviation metrics obtained from one or more pathway density distributions on the global level or one or more pathway density distributions on the local level that detects one or more feature contributors to one or more pattern changes, the one or more pattern changes being indicative of the new transaction exhibiting anomalous behavior; where the determining the deviation metrics on the global level includes one or more of the following: calculating a deviation between the first pathway density distribution and the second pathway density distribution; calculating a correlation between the first pathway density distribution and the second pathway density distribution; and calculating a Kullback-Leibler distance based on information entropy between the first pathway density distribution an
Assignees
Inventors
Classifications
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11093845B2 cover?
- A method for detecting fraud and non-fraud pattern changes can be based on transaction pathway transversal analysis. A decision tree can be built based on a training dataset from a reference dataset. Pathway transversal information can be recorded along each pathway for the reference dataset. A first mean and a first variance of a class probability can be calculated of all samples over each pat…
- Who is the assignee on this patent?
- Fair Isaac Corp
- What technology area does this patent fall under?
- Primary CPC classification G06N7/01. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Aug 17 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).