Malicious activity detection system capable of efficiently processing data accessed from databases and generating alerts for display in interactive user interfaces
Abstract
Various systems and methods are provided that retrieve raw data from issuers, reorganize the raw data, analyze the reorganized data to determine whether risky or malicious activity is occurring, and generate alerts to notify users of possible malicious activity. For example, the raw data is included in a plurality of tables. The system joins one or more tables to reorganize the data using several filtering techniques to reduce the processor load required to perform the join operation. Once the data is reorganized, the system executes one or more rules to analyze the reorganized data. Each rule is associated with a malicious activity. If any of the rules indicate that malicious activity is occurring, the system generates an alert for display to a user in an interactive user interface.
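A minimal sketch of the pipeline the abstract describes, added here as an illustration and not taken from the patent or any product: columns a rule does not read are dropped from the first table before the join on the shared column, and the rule then runs on the joined rows. Treating "data sets" as tables and "data sections" as columns is an assumption, as are the table contents, column names and the spend-limit rule.

```python
# Added example. All tables, column names and the rule are constructed.
TRANSACTIONS = [  # first data set; shares "account_id" with ACCOUNTS
    {"account_id": "A1", "amount": 9500, "merchant": "ATM-17", "memo": "cash"},
    {"account_id": "A1", "amount": 9700, "merchant": "ATM-22", "memo": "cash"},
    {"account_id": "A2", "amount": 40, "merchant": "GROCER", "memo": "food"},
]
ACCOUNTS = [  # second data set
    {"account_id": "A1", "daily_limit": 10000},
    {"account_id": "A2", "daily_limit": 500},
]

# A rule declares the columns it reads, so unused ones can be pruned pre-join.
RULE = {
    "name": "spend_over_daily_limit",
    "uses": {"account_id", "amount", "daily_limit"},
    "risky": lambda rows: sum(r["amount"] for r in rows) > rows[0]["daily_limit"],
}

def prune(rows, used, key):
    """Drop every column the rule does not use; always keep the join key."""
    keep = set(used) | {key}
    return [{c: v for c, v in row.items() if c in keep} for row in rows]

def join(left, right, key):
    """Hash join on the shared column; narrower left rows mean less to copy."""
    index = {}
    for row in right:
        index.setdefault(row[key], []).append(row)
    return [{**l, **r} for l in left for r in index.get(l[key], [])]

def run_rule(rule, first, second, key="account_id"):
    """Prune the first data set, join, evaluate per account, return alerts."""
    if not first or not second:
        return []  # nothing to join, so nothing to alert on
    if key not in set(first[0]) & set(second[0]):
        raise ValueError(f"{key!r} is not shared by both data sets")
    merged = join(prune(first, rule["uses"], key), second, key)
    by_account = {}
    for row in merged:
        by_account.setdefault(row[key], []).append(row)
    return [
        {"rule": rule["name"], "account": acct, "rows": rows}
        for acct, rows in sorted(by_account.items())
        if rule["risky"](rows)
    ]

if __name__ == "__main__":
    for alert in run_rule(RULE, TRANSACTIONS, ACCOUNTS):
        print(alert["rule"], alert["account"], len(alert["rows"]))
```
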
20 Claims
1. A computing system comprising:
- a database storing a first data set and a second data set associated with one or more accounts, wherein the first data set comprises a first data section, a second data section, and first data, wherein the first data comprises a first subset of data and a second subset of data, and wherein the second data set comprises the first data section, a third data section, and second data;
- a computer processor; and
- a computer readable storage medium storing program instructions configured for execution by the computer processor in order to cause the computing system to:
  - select a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with the one or more accounts;
  - retrieve the first data set and the second data set from the database;
  - determine that the first rule does not use the second subset of data to determine whether the behavior is risky;
  - remove the second subset of data from the first data to form modified first data in response to the determination that the first rule does not use the second subset of data to determine whether the behavior is risky;
  - identify that the first data section is included in the first data set and the second data set;
  - generate a third data set that comprises the first data section, the second data section, the third data section, the modified first data, and the second data;
  - run the first rule on the third data set to determine whether the behavior is risky;
  - generate an alert in response to a determination that the behavior is risky; and
  - transmit the alert for display in an interactive user interface.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A computer-implemented method comprising:
as implemented by one or more computer systems comprising a processor and memory, the one or more computer systems configured with specific executable instructions stored in the memory, in response to execution by the processor of at least one of the specific executable instructions read from the memory,
- selecting a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with one or more accounts;
- retrieving a first data set and a second data set, wherein the first data set comprises a first data section, a second data section, and first data, wherein the first data comprises a first subset of data and a second subset of data, and wherein the second data set comprises the first data section, a third data section, and second data;
- determining that the first rule does not use the second subset of data to determine whether the behavior is risky;
- removing the second subset of data from the first data to form modified first data in response to the determination that the first rule does not use the second subset of data to determine whether the behavior is risky;
- identifying that the first data section is included in the first data set and the second data set;
- generating a third data set that comprises the first data section, the second data section, the third data section, the modified first data, and the second data;
- running the first rule on the third data set to determine whether the behavior is risky;
- generating an alert in response to a determination that the behavior is risky; and
- transmitting the alert for display in an interactive user interface.

Dependent claims: 16, 17

18. A non-transitory computer-readable medium comprising one or more program instructions recorded thereon, the instructions configured for execution by a computing system comprising one or more processors in order to cause the computing system to:
- select a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with one or more accounts;
- retrieve a first data set and a second data set, wherein the first data set comprises a first data section, a second data section, and first data, wherein the first data comprises a first subset of data and a second subset of data, and wherein the second data set comprises the first data section, a third data section, and second data;
- determine that the first rule does not use the second subset of data to determine whether the behavior is risky;
- remove the second subset of data from the first data to form modified first data in response to the determination that the first rule does not use the second subset of data to determine whether the behavior is risky;
- identify that the first data section is included in the first data set and the second data set;
- generate a third data set that comprises the first data section, the second data section, the third data section, the modified first data, and the second data;
- run the first rule on the third data set to determine whether the behavior is risky;
- generate an alert in response to a determination that the behavior is risky; and
- transmit the alert for display in an interactive user interface.

Dependent claims: 19, 20

Specification