Account Compromise Detection
First Claim
Patent Images
1. A method implemented by one or more computing devices, the method comprising:
- establishing a usage pattern for a user account of a service provider, the service provider configured to provide a plurality of web services for access via a network and the usage pattern describing interaction with one or more of the plurality of web services;
detecting a deviation in subsequent activity associated with the user account from the usage pattern; and
determining whether compromise of the user account is likely based at least in part on the detection.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques for account compromise detection are described. In one or more implementations, a usage pattern is established for a user account of a service provider, where the service provider is configured to provide a plurality of web services for access via a network and the usage pattern describes interaction with one or more of the plurality of web services. A deviation is detected in subsequent activity associated with the user account from the usage pattern and a determination is made as to whether compromise the user account is likely based at least in part on the detection.
-
Citations
20 Claims
-
1. A method implemented by one or more computing devices, the method comprising:
-
establishing a usage pattern for a user account of a service provider, the service provider configured to provide a plurality of web services for access via a network and the usage pattern describing interaction with one or more of the plurality of web services; detecting a deviation in subsequent activity associated with the user account from the usage pattern; and determining whether compromise of the user account is likely based at least in part on the detection. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method implemented by one or more computing devices, the method comprising:
-
monitoring activity associated with a user account of a service provider to establish a usage pattern for the user account, the service provider configured to provide a plurality of web services for access via a network, the usage pattern indicating one or more of the plurality of web services that are accessed via the network and one or more interfaces that are used to access respective said web services; comparing subsequent activity associated with the user account with the usage pattern; determining a deviation in the subsequent activity from the usage pattern, the deviation indicating an increase in frequency of use in one or more of the interfaces in comparison with the usage pattern; and determining whether compromise of the user account is likely based at least in part on the deviation. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A compromise detection module implemented at least in part by hardware, the compromise detection module configured to:
-
compare an established usage pattern associated with a user account of a service provider to subsequent activity associated with the user account, the service provider configured to provide a plurality of web services for access via a network and the established usage pattern indicating one or more of the plurality of web services that are accessed via the network; detect, in the subsequent activity, an increase in volume of usage of one or more of said web services based on the established usage pattern; determine whether compromise of the user account is likely based at least in part on the detection. - View Dependent Claims (17, 18, 19, 20)
-
Specification