System and method to detect premium attacks on electronic networks and electronic devices
Abstract
A computerized method for detecting premium attacks by an attack classification system is described. Based on received analytic information, the attack classification system generates logical representations for different portions of the analytic information represented as a nodal graph. The logical representations include objects, properties, and relationships between the objects and the properties. The attack classification system filters at least one relationship from the relationships and forms a first cluster by further filtering the relationships. Being a logical representation of objects, properties and the remaining relationships, the first cluster is analyzed to determine features, and the features are introduced into the nodal graph. An analysis of the features determines whether the objects, properties and relationships forming the first cluster are associated with a premium attack by at least applying rule-based constraints to the features of the first cluster to determine whether they correspond to cluster features commonly present in premium attacks.
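The pipeline in the abstract (graph, relationship filter, clustering, cluster features, rule check), sketched as an added example that is not code from the patent. The abstract does not say how relationships are ranked, how clusters are formed, or which features and rules are used, so the share threshold, the connected-components clustering, the feature names and the rule values below are all assumptions, and the alert data is constructed.

```python
from collections import Counter
# Constructed sample analytic information: object -> properties.
ALERTS = {name: {"sender": s, "attachment": a, "os": "win"} for name, s, a in [
    ("mail1", "a@x.test", "h1"), ("mail2", "a@x.test", "h1"), ("mail3", "b@y.test", "h2"),
    ("mail4", "c@z.test", "h2"), ("mail5", "c@z.test", "h3"), ("mail6", "d@w.test", "h4")]}
# Hypothetical rule-based constraints on cluster features (thresholds are assumptions).
RULES = [lambda f: 2 <= f["n_objects"] <= 5, lambda f: f["n_shared"] >= 2,
         lambda f: f["cohesion"] >= 0.9]

def build_graph(alerts):  # relationships as (object, (kind, value)) edges
    return {(o, (k, v)) for o, props in alerts.items() for k, v in props.items()}

def filter_common(edges, n_objects, max_share=0.5):
    # First filter (assumed criterion): a property held by most objects separates nothing.
    deg = Counter(p for _, p in edges)
    return {(o, p) for o, p in edges if deg[p] <= max_share * n_objects}

def objects_by_prop(edges):
    return {p: {o for o, q in edges if q == p} for _, p in edges}

def cluster(objects, edges):
    parent = {o: o for o in objects}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for members in objects_by_prop(edges).values():
        first, *rest = sorted(members)  # single-object properties link nothing (second removal)
        for m in rest:
            parent[find(m)] = find(first)
    roots = {o: find(o) for o in objects}
    return sorted(({o for o in objects if roots[o] == r} for r in set(roots.values())), key=min)

def features(members, edges):
    shared = [s & members for s in objects_by_prop(edges).values() if len(s & members) > 1]
    cohesion = sum(map(len, shared)) / (len(shared) * len(members)) if shared else 0.0
    return {"n_objects": len(members), "n_shared": len(shared), "cohesion": round(cohesion, 2)}

def classify(alerts):
    graph = build_graph(alerts)
    kept = filter_common(graph, len(alerts))
    flagged = []
    for i, members in enumerate(cluster(alerts, kept)):
        f = features(members, kept)
        graph |= {(f"cluster{i}", (name, value)) for name, value in f.items()}  # features re-enter the graph
        if all(rule(f) for rule in RULES):
            flagged.append(sorted(members))
    return flagged, graph
```

`classify(ALERTS)` returns the flagged clusters and the graph extended with one node per cluster carrying its features.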
179 Citations
47 Claims
1. A computerized method for detecting premium attacks by an attack classification system including one or more hardware processors and storage medium, the method comprising:
- receiving, by the attack classification system, analytic information;
- generating, by the attack classification system, logical representations for different portions of the analytic information represented as a nodal graph, the logical representations include objects, properties, and relationships between the objects and the properties;
- filtering, by the attack classification system, a first set of one or more relationships from the relationships, each of the first set of relationships provides lesser assistance in clustering the objects and the properties than a remaining plurality of relationships from the relationships;
- performing, by the attack classification system, a clustering operation that forms one or more clusters by removing a second set of one or more relationships from the remaining plurality of relationships, the one or more clusters includes a first cluster being a logical representation of a first plurality of objects of the objects, a first plurality of properties of the properties and a plurality of relationships being the remaining plurality of relationships excluding the second set of relationships;
- analyzing, by the attack classification system, at least the first cluster of the one or more clusters to determine features of at least the first cluster;
- introducing the determined features associated with the first cluster into the nodal graph; and
- analyzing the features of the first cluster to determine whether the first plurality of objects, the first plurality of properties and the plurality of relationships forming the first cluster are associated with a premium attack, the analyzing of the features of the first cluster comprises applying rule-based constraints to the features of at least the first cluster to determine that the features correspond to cluster features that are commonly present in premium attacks.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)

17. An attack classification system for detecting premium attacks, comprising:
- one or more hardware processors; and
- a storage medium that stores one or more software modules, including;
  - data collection logic that, when executed by the one or more hardware processors, obtains analytic information from one or more resources remotely located from the attack classification system,
  - mapping logic that, when executed by the one or more hardware processors and in accordance with a selected data model, generates logical representations, operating as objects, properties and relationships, for different portions of the analytic information represented as a nodal graph,
  - filtering logic that, when executed by the one or more hardware processors, filters a first set of one or more relationships from the relationships and each of the first set of relationships providing lesser assistance in clustering the objects and the properties than a remaining plurality of relationships from the relationships,
  - cluster formation logic that, when executed by the one or more hardware processors, performs a clustering operation by forming one or more clusters by removing a second set of one or more relationships from the remaining plurality of relationships, the one or more clusters includes a first cluster being a logical representation of a first plurality of objects of the objects, a first plurality of properties of the properties and a plurality of relationships being the remaining plurality of relationships excluding the second set of relationships,
  - cluster analysis logic to analyze at least the first cluster of the one or more clusters to determine features of at least the first cluster and to introduce the determined features associated with the first cluster into the nodal graph, and
  - classification logic to analyze the features of the first cluster to determine whether the first plurality of objects, the first plurality of properties and the plurality of relationships forming the first cluster are associated with a premium attack, the analyzing of the features of the first cluster comprises applying rule-based constraints to the features of at least the first cluster to determine that the features correspond to cluster features that are commonly present in premium attacks.

View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)

33. An attack classification system for detecting premium attacks, comprising:
- one or more hardware processors; and
- a storage medium that stores one or more software modules, including;
  - data collection logic that, when executed by the one or more hardware processors, obtains analytic information from one or more resources remotely located from the attack classification system,
  - mapping logic that, when executed by the one or more hardware processors and in accordance with a selected data model, generates logical representations, operating as objects, properties and relationships, for different portions of the analytic information represented as a nodal graph,
  - filtering logic that, when executed by the one or more hardware processors, filters a first set of one or more relationships from the relationships and each of the first plurality of relationships providing lesser assistance in clustering the objects and the properties than a remaining plurality of relationships from the relationships,
  - cluster formation logic that, when executed by the one or more hardware processors, performs a clustering operation by forming one or more clusters from removing one or more relationships of a plurality of relationships associated with logical representations of different portions of the analytic information, the logical representations of different portions of the analytic information are represented in accordance with a data model scheme as at least a plurality of objects,
  - cluster analysis logic to analyze at least a first cluster of the one or more clusters to determine features of at least the first cluster and to introduce the determined features associated with the first cluster into the nodal graph, and
  - classification logic to analyze the features of the first cluster to determine whether the plurality of objects and a remaining relationships of the plurality of relationships forming the first cluster are associated with a premium attack, the analyzing of the features of the first cluster comprises applying rule-based constraints to the features of at least the first cluster to determine that the features correspond to cluster features that are commonly present in premium attacks.

View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)

Specification