Dynamic detection of unauthorized activity in multi-channel system
First Claim
1. A dynamic unauthorized activity detection computing platform, comprising:
- at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the dynamic unauthorized activity detection computing platform to;
receive first data from a first communication channel;
format the first data received from the first communication channel;
analyze the formatted first data received from the first communication channel to identify a first occurrence of triggering content;
receive second data from a second communication channel different from the first communication channel;
format the second data received from the second communication channel;
analyze the formatted second data received from the second communication channel to identify a second occurrence of triggering content;
evaluate, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity;
responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying operation of at least one of the first communication channel and the second communication channel; and
responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence does not indicate unauthorized activity, receive subsequent data from at least one of the first communication channel and the second communication channel.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems for dynamically detecting unauthorized activity are provided. A system may receive data from one or more computing devices associated with one or more different channels of communication (e.g., email, telephone, instant messaging, internet browsing, and the like). The received data may be formatted or transformed from an unstructured format to a structured format for further analysis and evaluation. In some arrangements, machine learning may be used to determine whether triggering content was identified in data received from the one or more systems and to evaluate the identified triggering content to determine whether the content, alone or in combination with triggering content from other channels of communication, may indicate an occurrence of unauthorized activity. If so, the identified occurrence may be evaluated to determine whether a false positive has occurred. If a false positive has not occurred, an alert or notification may be generated and/or operation or functionality one or more communication channels may be modified.
-
Citations
24 Claims
-
1. A dynamic unauthorized activity detection computing platform, comprising:
-
at least one processor; a communication interface communicatively coupled to the at least one processor; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the dynamic unauthorized activity detection computing platform to; receive first data from a first communication channel; format the first data received from the first communication channel; analyze the formatted first data received from the first communication channel to identify a first occurrence of triggering content; receive second data from a second communication channel different from the first communication channel; format the second data received from the second communication channel; analyze the formatted second data received from the second communication channel to identify a second occurrence of triggering content; evaluate, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity; responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying operation of at least one of the first communication channel and the second communication channel; and responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence does not indicate unauthorized activity, receive subsequent data from at least one of the first communication channel and the second communication channel. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method, comprising:
at a computing platform comprising at least one processor, memory, and a communication interface; receiving, by the at least one processor and via the communication interface, first data from a first communication channel; formatting, by the at least one processor, the first data received from the first communication channel; analyzing, by the at least one processor, the formatted first data received from the first communication channel to identify a first occurrence of triggering content; receiving, by the at least one processor and via the communication interface, second data from a second communication channel different from the first communication channel; formatting, by the at least one processor, the second data received from the second communication channel; analyzing, by the at least one processor, the formatted second data received from the second communication channel to identify a second occurrence of triggering content; evaluating, by the at least one processor and based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity; and responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying, by the at least one processor, operation of at least one of the first communication channel and the second communication channel. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
17. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:
-
receive first data from a first communication channel; format the first data received from the first communication channel; analyze the formatted first data received from the first communication channel to identify a first occurrence of triggering content; receive second data from a second communication channel different from the first communication channel; format the second data received from the second communication channel; analyze the formatted second data received from the second communication channel to identify a second occurrence of triggering content; evaluate, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity; responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying operation of at least one of the first communication channel and the second communication channel; and responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence does not indicate unauthorized activity, receive subsequent data from at least one of the first communication channel and the second communication channel. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification