Real-time detection and prevention of malicious activity
First Claim
1. A system comprising:
a processor; and
a memory device comprising instructions that are executable by the processor for causing the processor to:
receive a request from a user to obtain access to an entity;
determine a plurality of data objects based on the request;
access a plurality of data-object network definitions corresponding to the plurality of data objects, each data-object network definition in the plurality of data-object network definitions representing an interconnected network of data-object nodes indicating interrelationships between a respective data object among the plurality of data objects and other data objects;
resolve an identity of the user by:
generating a combined data-object network by combining the plurality of data-object network definitions that correspond to the plurality of data objects in the request; and
identifying a data-object node in the combined data-object network that corresponds to the user; and
in response to resolving the identity of the user:
receive a profile for the user indicating behavioral information relating to the user;
determine a likelihood that the request is associated with malicious activity based on (i) the plurality of data objects, (ii) the profile, and (iii) the plurality of data-object network definitions; and
allow or deny the user access to the entity based on the likelihood that the request is associated with malicious activity.
Abstract
Malicious activity can be detected and prevented in real-time or otherwise. For example, a system of the present disclosure can receive a request from a user to obtain access to an entity, determine data objects based on the request, and access data-object network definitions corresponding to the determined data objects. The system can also receive a profile for the user indicating behavioral information relating to the user. The system can then determine a likelihood that the request is associated with malicious activity based on (i) the data objects, (ii) the profile, and (iii) the data-object network definitions. The system can allow or deny the user access to the entity based on the likelihood that the request is associated with malicious activity.
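The flow the abstract describes, as an added Python illustration that is not code from the patent: per-object network definitions are combined, the user node is resolved in the combined network, and a likelihood derived from the data objects, the profile and the network drives the allow/deny decision. The node naming scheme, the sample data, the breadth-first resolution rule, the weights and the 0.5 threshold are all assumptions made for the example.

```python
from collections import deque
NETWORKS = {  # constructed sample: one edge-list definition per data object
    "email:a@example.com": [("email:a@example.com", "user:alice"),
                            ("email:a@example.com", "device:d1")],
    "device:d1": [("device:d1", "user:alice"), ("device:d1", "user:mallory")],
    "ip:203.0.113.7": [("ip:203.0.113.7", "device:d1")],
}
FLAGGED = {"user:mallory"}  # nodes tied to earlier malicious activity (assumed)
PROFILES = {"user:alice": {"countries": {"US"}, "hours": range(7, 23)}}

def combine(objects):
    """Union the per-object definitions into one undirected adjacency map."""
    graph = {}
    for obj in objects:
        for a, b in NETWORKS.get(obj, []):
            graph.setdefault(a, set()).add(b)
            graph.setdefault(b, set()).add(a)
    return graph

def resolve_user(graph, objects):
    """User node reached from the most request objects, then by fewest hops."""
    hops = {}
    for obj in objects:
        dist, queue = {obj: 0}, deque([obj])
        while queue:  # breadth-first search from this data object
            node = queue.popleft()
            for nxt in graph.get(node, ()):
                if nxt not in dist:
                    dist[nxt] = dist[node] + 1
                    queue.append(nxt)
                    if nxt.startswith("user:"):
                        hops.setdefault(nxt, []).append(dist[nxt])
    return min(hops, key=lambda u: (-len(hops[u]), sum(hops[u]), u), default=None)

def likelihood(objects, profile, graph, user, ctx):
    """Score in [0, 1] from objects, profile and network; weights are assumptions."""
    others = {n for n in graph if n.startswith("user:") and n != user}
    unknown = sum(o not in graph for o in objects) / len(objects)
    score = 0.4 * bool(others & FLAGGED) + 0.2 * unknown
    score += 0.25 * (ctx["country"] not in profile["countries"])
    return round(score + 0.15 * (ctx["hour"] not in profile["hours"]), 2)

def decide(objects, ctx, threshold=0.5):
    graph = combine(objects)
    user = resolve_user(graph, objects)
    if user not in PROFILES:  # unresolved identity or no profile: fail closed
        return "deny", user, 1.0
    p = likelihood(objects, PROFILES[user], graph, user, ctx)
    return ("deny" if p >= threshold else "allow"), user, p
```

The second data object matters here: the e-mail address alone resolves to a clean user, while adding the device pulls a flagged account into the combined network and raises the score.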
30 Claims
11. A method comprising:
receiving, by a processor device, a request from a user to obtain access to an entity;
determining, by the processor device, a plurality of data objects based on the request;
accessing, by the processor device, a plurality of data-object network definitions corresponding to the plurality of data objects, each data-object network definition in the plurality of data-object network definitions representing an interconnected network of data-object nodes indicating interrelationships between a respective data object among the plurality of data objects and other data objects;
resolving, by the processor device, an identity of the user by:
generating a combined data-object network by combining the plurality of data-object network definitions that correspond to the plurality of data objects in the request; and
identifying a data-object node in the combined data-object network that corresponds to the user; and
in response to resolving the identity of the user:
receiving, by the processor device, a profile for the user indicating behavioral information relating to the user;
determining, by the processor device, a likelihood that the request is associated with malicious activity based on (i) the plurality of data objects, (ii) the profile, and (iii) the plurality of data-object network definitions; and
allowing or denying, by the processor device, the user access to the entity based on the likelihood that the request is associated with malicious activity.
21. A non-transitory computer-readable medium comprising program code that is executable by a processor for causing the processor to:
receive a request from a user to obtain access to an entity;
determine a plurality of data objects based on the request;
access a plurality of data-object network definitions corresponding to the plurality of data objects, each data-object network definition in the plurality of data-object network definitions representing an interconnected network of data-object nodes indicating interrelationships between a respective data object among the plurality of data objects and other data objects;
resolve an identity of the user by:
generating a combined data-object network by combining the plurality of data-object network definitions that correspond to the plurality of data objects in the request; and
identifying a data-object node in the combined data-object network that corresponds to the user; and
in response to resolving the identity of the user:
receive a profile for the user indicating behavioral information relating to the user;
determine a likelihood that the request is associated with malicious activity based on (i) the plurality of data objects, (ii) the profile, and (iii) the plurality of data-object network definitions; and
allow or deny the user access to the entity based on the likelihood that the request is associated with malicious activity.
Specification