System and Method of Fraud and Misuse Detection Using Event Logs
Abstract
A system and method are provided for detecting fraud and/or misuse in a computer environment through tracking users' activities at the application layer for known users. Application layer data and other data are normalized and records are created. The normalized data is correlated to user identities to produce correlated information that is analyzed against modeling information. The modeling information is generated using rules, algorithms, and/or database queries to define fraud scenarios and misuse scenarios. Reports and/or alerts may be generated if fraud and/or misuse are detected.
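The pipeline the abstract describes (extract, normalize, correlate to user identities, analyze against a modeled scenario), as an added example that is not taken from the patent. The two log formats, the identity directory, the rule thresholds and all names are assumptions constructed for illustration; the point it shows is that the misuse only becomes visible once logins from different applications are correlated to one person.

```python
import csv, io, re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: two applications with different audit-log formats.
CRM_LOG = """\
2024-03-01T09:00:05 user=jsmith action=VIEW record=C-1001
2024-03-01T09:01:10 user=jsmith action=VIEW record=C-1002
2024-03-01T09:02:00 user=akhan action=VIEW record=C-1001
"""
BILLING_LOG = """\
03/01/2024 09:03:30,JOHN.SMITH,view,C-1003
03/01/2024 09:04:45,JOHN.SMITH,view,C-1004
03/01/2024 11:30:00,A.KHAN,view,C-1002
"""
# User identifiers (hypothetical directory): (application, login) -> one person.
IDENTITIES = {("crm", "jsmith"): "E100", ("billing", "john.smith"): "E100",
              ("crm", "akhan"): "E200", ("billing", "a.khan"): "E200"}
# Modeled data: one misuse scenario expressed as a rule (assumed thresholds).
RULE = {"action": "view", "max_distinct_records": 3, "window": timedelta(minutes=10)}

def extract_and_normalize():
    """Parse both application formats into records with one common schema."""
    records = []
    for ts, login, action, rec in re.findall(r"(\S+) user=(\S+) action=(\S+) record=(\S+)", CRM_LOG):
        records.append({"ts": datetime.fromisoformat(ts), "app": "crm",
                        "login": login.lower(), "action": action.lower(), "record": rec})
    for ts, login, action, rec in csv.reader(io.StringIO(BILLING_LOG)):
        records.append({"ts": datetime.strptime(ts, "%m/%d/%Y %H:%M:%S"), "app": "billing",
                        "login": login.lower(), "action": action.lower(), "record": rec})
    return records

def correlate(records):
    """Attach the person behind each application login; unknown logins stay visible."""
    for r in records:
        r["person"] = IDENTITIES.get((r["app"], r["login"]), "unknown:" + r["login"])
    return records

def analyze(records, rule=RULE):
    """Return {person: records} where one person exceeds the rule inside one time window."""
    by_person, alerts = defaultdict(list), {}
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["action"] == rule["action"]:
            by_person[r["person"]].append(r)
    for person, events in by_person.items():
        for first in events:
            seen = {e["record"] for e in events if timedelta(0) <= e["ts"] - first["ts"] <= rule["window"]}
            if len(seen) > rule["max_distinct_records"]:
                alerts.setdefault(person, sorted(seen))
    return alerts
```

Calling `analyze(correlate(extract_and_normalize()))` flags only person `E100`; grouping the same records by raw login instead of by correlated person produces no alert, because each login stays under the threshold on its own.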
28 Claims
1. A method of detecting fraud or misuse in a computer environment, comprising:
accessing user identifiers that are associated with computer users;
accessing modeled data that corresponds to at least one of fraud detection information and misuse detection information;
accessing application layer data and data corresponding to at least one of transactions and activities that are associated with the computer users;
extracting the application layer data and the data corresponding to at least one of transactions and activities that are associated with the computer users events;
normalizing the extracted data to produce records;
correlating the normalized data and the user identifiers to produce correlated information;
analyzing the correlated information and the modeled data;
determining whether the correlated information corresponds to at least one of the fraud detection information and misuse detection information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for detecting fraud or misuse in a computer environment, comprising:
a user identifier module that includes user identifiers associated with computer users;
a modeled data providing module that includes data corresponding to at least one of fraud detection information and misuse detection information;
a data capturing module that is adapted to capture application layer data and data corresponding to at least one of transactions and activities that are associated with the computer users;
a parsing engine that extracts the application layer data and the data corresponding to at least one of transactions and activities that are associated with the computer users events;
a normalizing module that is configured to normalize the extracted data to produce records;
a correlating module that is adapted to correlate the normalized data and the user identifiers to produce correlated information;
an analyzing module that analyzes the correlated information and the modeled data;
a determining module that determines whether the correlated information corresponds to at least one of the fraud detection information and misuse detection information.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28