×

Multi-signal analysis for compromised scope identification

  • US 10,491,616 B2
  • Filed: 02/13/2017
  • Issued: 11/26/2019
  • Est. Priority Date: 02/13/2017
  • Status: Active Grant
First Claim
Patent Images

1. A method for detecting compromised scopes in an online service, comprising:

  • receiving detection results of behaviors occurring on devices within the online service;

    scoring each of the detection results based on how anomalous the respective behaviors are within the online service, wherein each of the detection results are scored based on a ratio between a subpopulation count and a population count for the respective behaviors within the online service;

    excluding one or more of the scored detection results having one or more of a subpopulation count and a population count for the behaviors below one or more of a subpopulation threshold and a population threshold, respectively;

    organizing a remaining one or more of the scored detection results according to scopes;

    applying multi-signal detection logic to a given scope from the scopes to produce a confidence score indicating whether the given scope is compromised;

    determining whether to present an alert of the given scope being compromised based on comparing the confidence score to an alert threshold; and

    in response to determining that the alert is to be presented of the given scope being compromised, generating and transmitting the alert.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×