Edge network-based account protection service
US-11570203-B2 · Jan 31, 2023 · US
Real-time detection of online new-account creation fraud using graph-based neural network modeling
US12255916B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12255916-B2 |
| Application number | US-202217862460-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 12, 2022 |
| Priority date | Jul 12, 2022 |
| Publication date | Mar 18, 2025 |
| Grant date | Mar 18, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method executes upon receiving data (email, IP address) associated with an account registration. In response, an encoding is applied to the data to generate a node vector. The node vector indexes a database of such node vectors that the system maintains (from prior registrations). The database potentially includes one or more node vector(s) that may have a given similarity to the encoded node vector. To determine whether there are such vectors present, a set of k-nearest neighbors to the encoded node vector are then obtained from the database. This set of k-nearest neighbors together with the encoded node vector comprise a virtual graph that is then fed as a graph input to a Graph Neural Network previously trained on a set of training data. The GNN generates a probability that the virtual graph represents a NAF. If the probability exceeds a configurable threshold, the system outputs an indication that the registration is potentially fraudulent, and a mitigation action is taken.
First claim
Opening claim text (preview).
What we claim is as follows: 1. A method of protecting an online system, comprising: receiving data associated with a new account registration, the data comprising an email, and an associated Internet Protocol (IP) address; applying an encoding to the data to generate an encoded node vector; using the encoded node vector to collect a data set from a database of encoded node vectors representing a set of most recent account registrations; constructing a virtual graph from the data set; feeding the virtual graph to a Graph Neural Network (GNN) to generate a probability that the new account registration is fraudulent; and responsive to a determination that the new account registration is fraudulent, taking a mitigation action to protect the online system. 2. The method as described in claim 1 wherein the GNN includes a self-attention output layer. 3. The method as described in claim 1 wherein the data set comprises the encoded node vector and its-k-nearest neighbor encoded node vectors associated with the encoded node vector. 4. The method as described in claim 1 wherein the email is encoded by applying the email to a recursive neural network (RNN), the recursive neural network having been pre-trained on a corpus of registrations that have been determined to be fraudulent. 5. The method as described in claim 4 wherein the recursive neural network is an encoder. 6. The method as described in claim 1 wherein the IP address is encoded according to a similarity scheme based on an identity of IP address bytes. 7. The method as described in claim 6 further including augmenting an IP address encoding with additional information associated with the IP address. 8. The method as described in claim 1 wherein the new account registration is associated with an attempt by a user to register a new account for a web site or application. 9. The method as described in claim 8 wherein the mitigation action rejects the new account registration. 10. The method as described in claim 1 wherein the determination occurs in real-time. 11. The method as described in claim 1 wherein the database of encoded node vectors is fixed in size and updated continuously as new account registrations are received. 12. An apparatus for real-time protection of an online system, comprising: one or more hardware processors; and computer memory holding computer program code executed by the one or more hardware processors and configured to: receive data associated with a new account registration, the data comprising an email, and an associated Internet Protocol (IP) address; apply an encoding to the data to generate an encoded node vector; use the encoded node vector to collect a data set from a database of encoded node vectors representing a set of most recent account registrations; construct a virtual graph from the data set; feed the virtual graph to a Graph Neural Network (GNN) to generate a probability that the new account registration is fraudulent; and responsive to a determination that the new account registration is fraudulent, take a mitigation action to protect the online system. 13. The apparatus as described in claim 12 wherein the GNN includes a self-attention output layer. 14. The apparatus as described in claim 12 wherein the data set comprises the encoded node vector and its-k-nearest neighbor encoded node vectors associated with the encoded node vector. 15. The apparatus as described in claim 12 wherein the computer program code configured to apply the encoding to the email is a recursive neural network (RNN), the recursive neural network having been pre-trained on a corpus of registrations that have been determined to be fraudulent. 16. The apparatus as described in claim 15 wherein the recursive neural network is an encoder. 17. The apparatus as described in claim 12 wherein the computer program code configured to apply the encoding to the IP address is a similarity encoder that is based on an identity of IP address bytes. 18. The apparatus as described in claim 12 wherein the computer memory comprises a fixed size random access memory (RAM) block that stores a fixed number of most recent account registrations. 19. The apparatus as described in claim 18 wherein the computer program code is further configured to execute cyclic shifts on the RAM block to maintain a most recent history of account registrations as account registration requests are being received. 20. The apparatus as described in claim 12 wherein the computer program code rejects the new account registration as the mitigation action.
Assignees
Inventors
Classifications
Entity profiles · CPC title
using machine learning or artificial intelligence · CPC title
Traffic logging, e.g. anomaly detection · CPC title
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title
- H04L63/1441Primary
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12255916B2 cover?
- A method executes upon receiving data (email, IP address) associated with an account registration. In response, an encoding is applied to the data to generate a node vector. The node vector indexes a database of such node vectors that the system maintains (from prior registrations). The database potentially includes one or more node vector(s) that may have a given similarity to the encoded node…
- Who is the assignee on this patent?
- Akamai Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1441. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Mar 18 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).