Systems and user interfaces for dynamic and interactive investigation of bad actor behavior based on automatic clustering of related data in various data structures
Abstract
Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, automatically tag and group those clustered data structures, and provide results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a tiled display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation.
18 Claims
1. A computer system configured to provide a dynamic user interface relating to visualization of alerts of malicious network activity, the computer system comprising:
- one or more electronic data structures configured to store a plurality of clusters of data items, wherein each cluster of data items represents a group of related malicious network activities; and
- one or more hardware computer processors configured to execute software code to cause the computer system to:
  - access the plurality of clusters of data items from the one or more electronic data structures;
  - analyze the plurality of clusters of data items to determine, for each cluster of the plurality of clusters, respective types of malicious network activity associated with the clusters of data items;
  - group, into a plurality of groups of clusters, the plurality of clusters of data items such that each group of clusters of the plurality of groups of clusters comprises clusters of data items associated with respective same types of malicious network activity; and
  - provide a dynamic graphical user interface including a plurality of tiles each representing a different one of the plurality of groups of clusters, wherein each of the respective tiles includes at least:
    - respective indications of the types of malicious network activity associated with the respective tiles; and
    - respective numbers of data clusters included in the groups of clusters associated with the respective tiles representing the types of malicious network activity.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer system configured to provide a dynamic user interface relating to visualization of alerts of malicious activity, the computer system comprising:
- one or more electronic data structures configured to store a plurality of clusters of data items, wherein each cluster of data items represents a group of related malicious activities; and
- one or more hardware computer processors configured to execute software code to cause the computer system to:
  - access the plurality of clusters of data items from the one or more electronic data structures;
  - analyze the plurality of clusters of data items to determine, for each of the clusters, respective one or more attribute values associated with the respective clusters of data items;
  - provide a dynamic user interface configured to include at least indications of a plurality of types of attributes; and
  - in response to a user input selecting a first type of attribute, update the dynamic user interface to include at least:
    - indications of a first one or more attribute values associated with the first type of attribute, wherein each of the first one or more attribute values is indicated along with a corresponding graphical tile in the dynamic user interface; and
    - for each of the first one or more attribute values, and overlaid on the respective graphical tiles, respective numbers of data clusters associated with the respective one or more attribute values.

Dependent claims: 10, 11, 12, 13
14. A computer system configured to provide a dynamic user interface relating to visualization of alerts of malicious network activity, the computer system comprising:
- one or more electronic data structures configured to store a plurality of clusters of data items, wherein each cluster of data items represents a group of related malicious network activities; and
- one or more hardware computer processors configured to execute software code to cause the computer system to:
  - access the plurality of clusters of data items from the one or more electronic data structures;
  - analyze the plurality of clusters of data items to determine, for each cluster of the plurality of clusters:
    - respective types of malicious network activity associated with the clusters of data items, and
    - respective criticalities of the malicious network activity represented by the respective clusters of data items; and
  - provide a dynamic user interface configured to include at least:
    - for each cluster of the plurality of clusters, a respective graphical tile representing an alert corresponding to the cluster, wherein the graphical tile visually indicates at least the criticality of the malicious network activity represented by the cluster and a type of the malicious network activity represented by the cluster.

Dependent claims: 15, 16, 17, 18
Specification