System and method of detecting fraudulent user transactions
First Claim
1. A method for detecting fraudulent activity in user transactions, the method comprising:
- collecting user behavior data specifying the user'"'"'s interaction via an input device with a plurality of groups of elements of a graphical interface of a first application on a computing device for interaction with a remote server;
calculating, by a processor, an anomalous user behavior coefficient for each of the groups of elements of the graphical interface by applying a simple probabilistic classifier to the collected user behavior data specifying the user'"'"'s interaction with each of the groups of elements of the graphical user interface, wherein the anomalous user behavior coefficient represents a likelihood that the user'"'"'s interaction with the plurality of groups of elements of the graphical interface was imitated by software;
calculating, by the processor, a combination of the anomalous user behavior coefficients;
detecting, by the processor, a fraudulent activity when the combination of anomalous user behavior coefficients exceeds a predetermined threshold value;
in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the remote server; and
further responsive to detecting the fraudulent activity, determining a second application executing on the computing device based on access by the second application of the user behavior data during the user'"'"'s interaction with the graphical interface, and classifying the second application as malicious.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for detecting fraudulent activity in user transactions. An exemplary method includes: collecting user behavior data during the user'"'"'s interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device; calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data; detecting, by the processor, a fraudulent activity when a combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.
20 Citations
10 Claims
-
1. A method for detecting fraudulent activity in user transactions, the method comprising:
-
collecting user behavior data specifying the user'"'"'s interaction via an input device with a plurality of groups of elements of a graphical interface of a first application on a computing device for interaction with a remote server; calculating, by a processor, an anomalous user behavior coefficient for each of the groups of elements of the graphical interface by applying a simple probabilistic classifier to the collected user behavior data specifying the user'"'"'s interaction with each of the groups of elements of the graphical user interface, wherein the anomalous user behavior coefficient represents a likelihood that the user'"'"'s interaction with the plurality of groups of elements of the graphical interface was imitated by software; calculating, by the processor, a combination of the anomalous user behavior coefficients; detecting, by the processor, a fraudulent activity when the combination of anomalous user behavior coefficients exceeds a predetermined threshold value; in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the remote server; and further responsive to detecting the fraudulent activity, determining a second application executing on the computing device based on access by the second application of the user behavior data during the user'"'"'s interaction with the graphical interface, and classifying the second application as malicious. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A non-transitory computer readable medium storing computer executable instructions for detecting fraudulent activity in user transactions, including instructions for:
-
collecting user behavior data specifying the user'"'"'s interaction via an input device with a plurality of groups of elements of a graphical interface of a first application on a computing device for interaction with a remote server; calculating, by a processor, an anomalous user behavior coefficient for each of the groups of elements of the graphical interface by applying a simple probabilistic classifier to the collected user behavior data specifying the user'"'"'s interaction with each of the groups of elements of the graphical user interface, wherein the anomalous user behavior coefficient represents a likelihood that the user'"'"'s interaction with the plurality of groups of elements of the graphical interface was imitated by software; calculating, by the processor, a combination of the anomalous user behavior coefficients; detecting, by the processor, a fraudulent activity when the combination of anomalous user behavior coefficients exceeds a predetermined threshold value; in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the remote server; and further responsive to detecting the fraudulent activity, determining a second application executing on the computing device based on access by the second application of the user behavior data during the user'"'"'s interaction with the graphical interface, and classifying the second application as malicious. - View Dependent Claims (7, 8, 9, 10)
-
Specification