DETECTING INAPPROPRIATE ACTIVITY BY ANALYSIS OF USER INTERACTIONS

US 20080162202A1
Filed: 12/29/2006
Published: 07/03/2008
Est. Priority Date: 12/29/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for a computing system of an electronic marketplace to automatically inhibit inappropriate interactions of users with the electronic marketplace, the method comprising:

receiving information describing a sequence of multiple interactions of a user with the electronic marketplace, the sequence of multiple user interactions being related to one or more potential transactions of one or more items via the electronic marketplace;

automatically analyzing the received information describing the sequence of multiple interactions to determine whether the user is suspected of being engaged in fraudulent activity with respect to the electronic marketplace, the analyzing including applying multiple assessment tests to the received information describing the sequence of multiple interactions so as to assess multiple factors related to the sequence of multiple interactions; and

if it is determined that the user is suspected of being engaged in fraudulent activity based on the automatic analyzing, taking one or more actions to inhibit the fraudulent activity by the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for detecting inappropriate activities based on interactions with Web sites and other electronic information services. In some situations, the techniques involve analyzing user interactions with an electronic information service in order to determine whether the user interactions are likely to reflect fraudulent activities by the user. In at least some situations, information about user interactions may be analyzed by applying one or more assessment tests that are each configured to assess one or more aspects of the interactions and to provide indications of whether those interaction aspects reflect inappropriate activities. If an analysis of one or more user interactions determines that a user is suspected of inappropriate activity, various actions may be taken to inhibit the inappropriate activity from continuing or recurring in the future.

Citations

45 Claims

1. A method for a computing system of an electronic marketplace to automatically inhibit inappropriate interactions of users with the electronic marketplace, the method comprising:
- receiving information describing a sequence of multiple interactions of a user with the electronic marketplace, the sequence of multiple user interactions being related to one or more potential transactions of one or more items via the electronic marketplace;
  
  automatically analyzing the received information describing the sequence of multiple interactions to determine whether the user is suspected of being engaged in fraudulent activity with respect to the electronic marketplace, the analyzing including applying multiple assessment tests to the received information describing the sequence of multiple interactions so as to assess multiple factors related to the sequence of multiple interactions; and
  
  if it is determined that the user is suspected of being engaged in fraudulent activity based on the automatic analyzing, taking one or more actions to inhibit the fraudulent activity by the user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the user is a customer of the electronic marketplace, wherein the sequence of multiple interactions of the user with the electronic marketplace are performed by the user as part of a potential transaction by the user to purchase one or more items via the electronic marketplace, wherein the automatic analyzing includes determining that the user is suspected of being engaged in fraudulent activity related to the purchasing of the one or more items, and wherein the taking of the one or more actions includes at least one of delaying the potential transaction to enable one or more human operators to perform manual review of whether the user is engaged in fraudulent activity and of automatically preventing the potential transaction.
  - 3. The method of claim 1 wherein the user is a seller of items via the electronic marketplace, wherein the sequence of multiple interactions of the user with the electronic marketplace are performed by the user as part of enabling sales of one or more items to other users as part of potential transactions via the electronic marketplace, wherein the automatic analyzing includes determining that the user is suspected of being engaged in fraudulent activity related to the potential transactions, and wherein the taking of the one or more actions includes at least one of delaying the potential transactions to enable one or more human operators to perform manual review of whether the user is engaged in fraudulent activity and of automatically preventing the potential transactions.
  - 4. The method of claim 1 further comprising determining summary information about at least some of the multiple interactions, the summary information including an average of an amount of time between each of the at least some interactions and a total time between a first of the at least some interactions and a last of the at least some interactions, and wherein the automatic analyzing includes determining that the user is suspected of being engaged in fraudulent activity based on the assessment tests being configured to identify the summary information in the received information.
  - 5. The method of claim 4 wherein the sequence of multiple interactions includes a path of multiple information resources being consecutively accessed by the user, wherein the path is associated with users previously engaged in fraudulent activities, and wherein the automatic analyzing includes determining that the user is suspected of being engaged in fraudulent activity based in part on at least one of the assessment tests being configured to identify the path in the received information.
  - 6. The method of claim 1 wherein the multiple assessment tests are each configured to assess one or more of the multiple factors related to the sequence of multiple interactions and to indicate a degree of likelihood that the user is engaged in appropriate activity based on the one or more assessed factors for the assessment test, wherein the automatic analyzing of the received information includes combining the indicated degrees of likelihood from the applied multiple assessment tests, and wherein the determining of whether the user is suspected of being engaged in fraudulent activity includes determining that the user is suspected of being engaged in fraudulent activity if the combined degrees of likelihood exceed a threshold value.

7. A computer-implemented method for an electronic information service to inhibit inappropriate activities of users, the method comprising:
- receiving information describing a sequence of multiple interactions of a user with the electronic information service, the user interactions including at least one of requests for information from the electronic information service and of supplying of information from the user to the electronic information service;
  
  analyzing the received information about the sequence of multiple interactions to determine whether the user is suspected of being engaged in inappropriate activity with respect to the electronic information service, the analyzing including applying one or more assessment tests to the received information describing the sequence of multiple interactions; and
  
  if it is determined that the user is suspected of being engaged in inappropriate activity, taking one or more actions to inhibit inappropriate activities by the user.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 8. The method of claim 7 wherein the received information describing the sequence of multiple interactions includes one or more indications of information resources being requested by the user, wherein at least one of the indicated information resources is associated with users previously engaged in inappropriate activities, and wherein the analyzing includes automatically determining that the user is suspected of being engaged in inappropriate activity based on at least one of the one or more assessment tests being configured to identify the at least one indicated information resources in the received information.
  - 9. The method of claim 8 wherein the one or more indications of the information resources include at least one of a name of a file to be provided by the electronic information service to the user, a name of an executable resource to be executed by the electronic information service for the user, and a search query provided by the user.
  - 10. The method of claim 8 wherein access to the at least one indicated information resources by a user is statistically correlated with the user being engaged in inappropriate activities.
  - 11. The method of claim 7 wherein the sequence of multiple interactions includes multiple information resources being requested by the user, and wherein the analyzing includes determining that the user is suspected of being engaged in inappropriate activity based on at least one of the one or more assessment tests being configured to identify a combination of the multiple information resources in the received information.
  - 12. The method of claim 7 wherein the received information describing the sequence of multiple interactions includes summary information about at least some of the multiple interactions, and wherein the analyzing includes automatically determining that the user is suspected of being engaged in inappropriate activity based on at least one of the one or more assessment tests being configured to identify the summary information in the received information.
  - 13. The method of claim 12 wherein the summary information includes at least one of an average of an amount of time between each of the at least some interactions and a total time between a first of the at least some interactions and a last of the at least some interactions.
  - 14. The method of claim 12 wherein the summary information includes at least one of a frequency of occurrence of the at least some interactions, a variance of time intervals between the at least some interactions, and a quantity of the at least some interactions.
  - 15. The method of claim 7 wherein the analyzing of the received information about the sequence of multiple interactions includes identifying a subset of the multiple interactions that correspond to a predetermined type of activity, determining one or more amounts of time associated with the subset of interactions, and automatically determining that the user is suspected of being engaged in inappropriate activity based on at least one of the one or more assessment tests being configured to identify at least one of the determined amounts of time for the predetermined type of activity.
  - 16. The method of claim 7 wherein the sequence of multiple interactions includes a path of multiple information resources being consecutively accessed by the user, wherein the path is associated with users previously engaged in inappropriate activities, and wherein the analyzing includes automatically determining that the user is suspected of being engaged in inappropriate activity based on at least one of the one or more assessment tests being configured to identify the path in the received information.
  - 17. The method of claim 7 wherein the received information describing the sequence of multiple interactions includes at least one of metadata associated with one or more requests received from the user as part of the multiple interactions, and data being uploaded by the user to the electronic information service as part of the multiple interactions.
  - 18. The method of claim 7 wherein the received information describing the sequence of multiple interactions includes at least one of a network address associated with at least some of the multiple interactions, an indication of a client application associated with at least some of the multiple interactions, and an indication of a transaction being performed by the user via at least some of the multiple interactions.
  - 19. The method of claim 7 further comprising receiving additional information related to the user and using at least some of the additional information as part of the analyzing, the additional information including at least one of information about an account of the user and information about past activities of the user with the electronic information service.
  - 20. The method of claim 7 wherein the analyzing of the received information about the sequence of multiple interactions includes providing at least some of the received information to one or more human operators for manual analysis.
  - 21. The method of claim 7 wherein the receiving of the information describing the sequence of multiple interactions includes obtaining information about interactions by multiple users with the electronic information service during a period of time and identifying the sequence of multiple interactions by the user from the obtained information.
  - 22. The method of claim 21 wherein the receiving of the information describing the sequence of multiple interactions further includes identifying multiple sequences of interactions by multiple users from the obtained information, and wherein the method further comprises automatically analyzing each of the identified sequences of interactions to determine whether the interactions are suspected of corresponding to inappropriate activity.
  - 23. The method of claim 21 wherein the received information about the interactions by the multiple users is information stored in at least one of a log file for the electronic information service and a database for the electronic information service.
  - 24. The method of claim 7 wherein the received information describing the sequence of multiple interactions is obtained in a substantially realtime manner as the user performs the multiple interactions.
  - 25. The method of claim 7 wherein the analyzing of the received information by applying the one or more assessment tests to the received information includes automatically applying multiple assessment tests that are each configured to assess one or more of multiple factors related to the sequence of multiple interactions, the applying of each of the multiple assessment tests to the received information resulting in an indication of a degree of likelihood that the user is engaged in appropriate activity based on the one or more assessed factors for the assessment test, and combining the indicated degrees of likelihood from the applied multiple assessment tests, such that the determining of whether the user is suspected of being engaged in inappropriate activity with respect to the electronic information service is based at least in part on the combined degrees of likelihood.
  - 26. The method of claim 25 wherein the determining of whether the user is suspected of being engaged in inappropriate activity based at least in part on the combined degrees of likelihood includes comparing the combined degrees of likelihoods to a threshold value and determining that the user is suspected of being engaged in inappropriate activity if the combined degrees of likelihood exceed the threshold value.
  - 27. The method of claim 26 wherein the threshold value is automatically determined based at least in part on analysis of multiple prior observations of inappropriate and/or appropriate activity by users during interactions with the electronic information service.
  - 28. The method of claim 7 wherein the applying of the one or more assessment tests provides an indication of a likelihood of inappropriate activity of the user, such that the determining of whether the user is suspected of being engaged in inappropriate activity with respect to the electronic information service is based at least in part on the indicated likelihood.
  - 29. The method of claim 7 wherein the one or more assessment tests are automatically generated based at least in part on analysis of multiple prior interactions of users with an electronic information service and one or more indications of whether at least some of the multiple prior interactions were related to inappropriate activities.
  - 30. The method of claim 29 wherein the analysis of the multiple prior interactions includes identifying one or more factors correlated with inappropriate activity, and wherein the one or more assessment tests are each configured to identify at least one of the identified factors from the received information.
  - 31. The method of claim 7 wherein the analyzing of the received information by applying the one or more assessment tests includes selecting the one or more assessment tests from multiple assessment tests based at least in part on the sequence of multiple interactions.
  - 32. The method of claim 7 wherein the taking of the one or more actions to inhibit inappropriate activities by the user includes at least one of suspending an account of the user related to accessing the electronic information service and blocking further interactions of the user with the electronic information service.
  - 33. The method of claim 7 wherein the taking of the one or more actions to inhibit inappropriate activities by the user includes notifying a human operator to perform further manual review of at least some of the multiple interactions of the user with the electronic information service.
  - 34. The method of claim 7 wherein at least some of the multiple interactions of the user with the electronic information service are related to initiating a transaction by the user for one or more items via the electronic information service, and wherein the taking of the one or more actions to inhibit inappropriate activities by the user includes initiating special handling for the transaction.
  - 35. The method of claim 7 wherein the method is performed to detect inappropriate activities in an electronic marketplace provided by the electronic information service, and wherein the inappropriate activities include at least one of a fraudulent purchase of an item by a user, a fraudulent sale of an item by a user, unauthorized access to a user account for the electronic marketplace, and a violation of conditions for using the electronic marketplace.
  - 36. The method of claim 7 wherein the method is performed by a computing system of an inappropriate activity detection service provider in exchange for a fee obtained from a third-party entity that operates the electronic information service.
  - 37. The method of claim 7 wherein the electronic information service is provided by a Web server, and wherein at least some of the multiple interactions are HTTP requests received from the user using Web-based software.

38. A computer-readable medium whose contents enable a computing device to automatically inhibit inappropriate activities at an electronic information service, by performing a method comprising:
- receiving information related to one or more interactions of a user with an electronic information service;
  
  automatically determining whether the user is suspected of being engaged in inappropriate activity based on the one or more interactions; and
  
  if it is determined that the user is suspected of being engaged in inappropriate activity, taking one or more actions to inhibit inappropriate activities by the user.
- View Dependent Claims (39, 40, 41)
- - 39. The computer-readable medium of claim 38 wherein the one or more interactions are part of a sequence of multiple interactions of the user with the electronic information service, wherein the user interactions include at least one of requests for information from the electronic information service and of information being supplied to the electronic information service, and wherein the automatic determining of whether the user is suspected of being engaged in inappropriate activity includes applying one or more assessment tests to the received information related to the interactions, each assessment test providing information related to a likelihood of inappropriate activity based on at least some of the received information.
  - 40. The computer-readable medium of claim 38 wherein the computer-readable medium is at least one of a memory of a computing device and a data transmission medium transmitting a generated data signal containing the contents.
  - 41. The computer-readable medium of claim 38 wherein the contents are instructions that when executed cause the computing device to perform the method.

42. A computing device configured to automatically inhibit inappropriate activities at an electronic information service, comprising:
- a memory; and
  
  an inappropriate activity detector system configured to,receive one or more indications of multiple interactions with an electronic information service;
  
  automatically determine whether the at least some of the multiple interactions are suspected of reflecting inappropriate activity with respect to the electronic information service; and
  
  if it is determined that at least some of the multiple interactions are suspected of reflecting inappropriate activity, take one or more actions to inhibit the inappropriate activity.
- View Dependent Claims (43, 44, 45)
- - 43. The computing device of claim 42 wherein the multiple interactions with the electronic information service are by a user and include at least one of requests for information from the electronic information service and of information being supplied to the electronic information service, and wherein the inappropriate activity detector system is further configured to automatically determine whether the user is suspected of being engaged in the inappropriate activity by applying one or more assessment tests to obtained information related to the at least some multiple interactions, each assessment test providing information related to a likelihood of inappropriate activity based on at least some of the obtained information.
  - 44. The computing device of claim 42 wherein the inappropriate activity detector system includes software instructions for execution in memory of the computing device.
  - 45. The computing device of claim 42 wherein the inappropriate activity detector system consists of means for,receiving one or more indications of multiple interactions with an electronic information service;
    - automatically determining whether the at least some of the multiple interactions are suspected of reflecting inappropriate activity; and
      
      if it is determined that at least some of the multiple interactions are suspected of reflecting inappropriate activity, taking one or more actions to inhibit the inappropriate activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Kalenkovich, Eugene, Khanna, Richendra, Chopra, Rajiv

Application Number

US11/618,309
Publication Number

US 20080162202A1
Time in Patent Office

Days
Field of Search
US Class Current

705/7
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 30/0248   Avoiding fraud

G06Q 30/06   Buying, selling or leasing ...

DETECTING INAPPROPRIATE ACTIVITY BY ANALYSIS OF USER INTERACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

DETECTING INAPPROPRIATE ACTIVITY BY ANALYSIS OF USER INTERACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links