System and method for conducting surveillance on a distributed network
First Claim
1. A method for conducting surveillance on a network, comprising:
- capturing data for a plurality of aggregated channels, the data being from individuals with transaction network access identifiers that permit the individuals to gain access to the transaction network or from applications on a transaction network;
using the data to construct a plurality of session data streams, the session data streams providing a reconstruction of a business activity participated in by the application or the individual with the transaction network;
reading a window of data in at least one of the plurality of session data streams;
testing the window of data against at least one filter to determine deviations, the at least one filter detecting behavioral changes in the applications or the individuals that have the transaction network access identifiers to access to the transaction network; and
responding to the deviations by taking defined interventions.
1 Assignment
0 Petitions
Accused Products
Abstract
A method is provided for conducting surveillance on a network. Data is captured on a network for a plurality of aggregated channels. The data is from individuals with network access identifiers that permit the individuals to gain access to the network, or applications on the network. The data is used to construct a plurality of session data streams. The session data streams provide a reconstruction of business activity participated in by the application or the individual with the network. A window of data is read in at least one of the plurality of session data streams to determine deviations. The window of data is tested against at least one filter. The at least one filter detects behavioral changes in the applications or the individuals that have the network access identifiers to access to the network. Defined intervention are taken in response to the deviations.
-
Citations
92 Claims
-
1. A method for conducting surveillance on a network, comprising:
-
capturing data for a plurality of aggregated channels, the data being from individuals with transaction network access identifiers that permit the individuals to gain access to the transaction network or from applications on a transaction network;
using the data to construct a plurality of session data streams, the session data streams providing a reconstruction of a business activity participated in by the application or the individual with the transaction network;
reading a window of data in at least one of the plurality of session data streams;
testing the window of data against at least one filter to determine deviations, the at least one filter detecting behavioral changes in the applications or the individuals that have the transaction network access identifiers to access to the transaction network; and
responding to the deviations by taking defined interventions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A network surveillance system, comprising:
-
a network;
a plurality of sensors distributed at the network configured to provide a plurality of session data streams, the session data streams providing a reconstruction of, an individual with network access identifiers that permit the individual to gain access to the network or business activity participated in by an application on the network;
at least one analyzer engine configured to receive the plurality of session data streams and produce an aggregated data stream that is a sequence of process steps;
a reader configured to read a window of data in at least one of the plurality of session data streams;
a filter that tests the window of data and detects behavioral changes in, the individual that has the network access identifiers to access the network or the application; and
at least one actuator configured to provide an intervention in response to the behavior changes. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
-
-
63. A method for conducting surveillance on a network, comprising:
-
capturing data for at least one channel, the data being from, individuals with transaction network access identifiers that permit the individuals to gain access to a transaction network, or applications on the transaction network;
using the data to construct a plurality of session data streams, the session data streams providing a reconstruction of business activity participated in by the application or the individual with the transaction network, the plurality of session data streams including an individual'"'"'s behavior pattern information. determining an individual'"'"'s normal behavior pattern information and a population'"'"'s normal behavior pattern information;
determining deviations with respect to at least one of the individual'"'"'s normal behavior pattern information, the population'"'"'s normal behavior pattern information and a known fraud pattern; and
providing interventions in response to determining deviations with respect to at least one of, the individual'"'"'s normal behavior pattern information, the population'"'"'s normal behavior pattern information or the known fraud pattern. - View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92)
-
Specification