PROVIDING ALERTS BASED ON UNSTRUCTURED INFORMATION METHODS AND APPARATUS

US 20140283055A1
Filed: 03/15/2013
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a data item from a remotely located information source, the data item including unstructured information;

determining a threat score for the data item by matching information associated with the data item to pre-identified information associated with a numerical value;

responsive to the threat score exceeding a predetermined threshold, creating a Common Alerting Protocol data structure that includes at least a portion of the information associated with the data item; and

transmitting the Common Alerting Protocol data structure.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus for providing alerts based on unstructured information are disclosed. An example method includes receiving a data item from a remotely located information source, the data item including unstructured information. The method also includes determining a threat score for the data item by matching information associated with the data item to pre-identified information associated with a numerical value. The method further includes responsive to the threat score exceeding a predetermined threshold, creating a Common Alerting Protocol data structure that includes at least a portion of the information associated with the data item and transmitting the Common Alerting Protocol data structure.

38 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a data item from a remotely located information source, the data item including unstructured information;
  
  determining a threat score for the data item by matching information associated with the data item to pre-identified information associated with a numerical value;
  
  responsive to the threat score exceeding a predetermined threshold, creating a Common Alerting Protocol data structure that includes at least a portion of the information associated with the data item; and
  
  transmitting the Common Alerting Protocol data structure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - responsive to determining that the threat score is below a second predetermined threshold, disregarding the data item,wherein the second predetermined threshold is less than the predetermined threshold.
  - 3. The method of claim 2, further comprising responsive to determining that the threat score is greater than the second predetermined threshold and less than the predetermined threshold, routing the data item to a moderator.
  - 4. The method of claim 3, further comprisingreceiving a message from the moderator regarding the data item;
    - responsive to the message including an indication to promote the data item, creating the Common Alerting Protocol data structure that includes at least the portion of the information associated with the data item and transmitting the Common Alerting Protocol data structure;
      
      responsive to the message including an indication to disregard the data item, deleting the data item; and
      
      amending the pre-identified information based on the message from the moderator and the information associated with the data item.
  - 5. The method of claim 4, wherein amending the pre-identified information includes changing the numerical value of the pre-identified information.
  - 6. The method of claim 4, wherein amending the pre-identified information includes adding at least one term to the pre-identified information from the information associated with the data item.
  - 7. The method of claim 1, wherein determining the threat score includes i) classifying the information associated with the data item based on matches to pre-identified semantic information, ii) classifying the information associated with the data item based on matches to dictionary terms or phrases, iii) determining a geographic location corresponding to the information associated with the first data item, and iv) assigning the threat score based on the classifications and the geographic location.
  - 8. The method of claim 1, further comprising determining a client that is to receive the Common Alerting Protocol data structure based on the at least a portion of the information associated with the data item being associated with the client.

9. A machine-accessible device having instructions stored thereon that, when executed, cause a machine to at least:
- determine a threat score for a first data item received from a data source by matching unstructured content within the first data item to pre-identified content associated with at least a value;
  
  responsive to the threat score exceeding a predetermined threshold, create a Common Alerting Protocol data structure that includes at least a portion of the content associated with the first data item; and
  
  transmit the Common Alerting Protocol data structure causing security personnel associated with a client to perform an action.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The machine-accessible device of claim 9, further comprising instructions stored thereon that are configured when executed to cause the machine to subscribe to the data source to receive the first data item.
  - 11. The machine-accessible device of claim 9, further comprising instructions stored thereon that are configured when executed to cause the machine to:
    - determine a semantic threat score based on the content within the first data item matching pre-identified semantic content;
      
      determine a dictionary threat score based on the content within the first data item matching pre-identified dictionary content; and
      
      determine the threat score by combining the semantic threat score with the dictionary threat score.
  - 12. The machine-accessible device of claim 9, further comprising instructions stored thereon that are configured when executed to cause the machine to determine a geographic location referenced within the first data item.
  - 13. The machine-accessible device of claim 9, further comprising instructions stored thereon that are configured when executed to cause the machine to:
    - select a first label for an urgency field within the Common Alerting Protocol data structure based on the threat score and the first data item;
      
      select a second label for a severity field within the Common Alerting Protocol data structure based on the threat score and the first data item;
      
      select a third label for a category field within the Common Alerting Protocol data structure based on the threat score and the first data item; and
      
      select a fourth label for a certainty field within the Common Alerting Protocol data structure based on the threat score and the first data item.
  - 14. The machine-accessible device of claim 9, further comprising instructions stored thereon that are configured when executed to cause the machine to:
    - determine a second threat score for a second data item received from a second data source by matching content within the second data item to the pre-identified content;
      
      responsive to the second threat score exceeding the predetermined threshold, create a second Common Alerting Protocol data structure that includes at least a portion of the content associated with the second data item; and
      
      responsive to determining the portion of the content associated with the second data item substantially matches the portion of the content associated with the first data item, discarding the second Common Alerting Protocol data structure.
  - 15. The machine-accessible device of claim 9, wherein the unstructured content includes at least one of text, a picture, a graph, a chart, a video, audio, an image, and a map.

16. An apparatus, comprising:
- an interface configured to receive an unstructured data item from a data source;
  
  a semantic classifier configured to determine a first threat score by determining content within the data item that substantially matches pre-identified semantic information;
  
  a dictionary classifier configured to determine a second threat score by determining the content within the data item that substantially matches pre-identified dictionary information;
  
  a location identifier configured to determine a third threat score by determining the content within the data item that substantially matches geographic location information;
  
  a content scorer configured to determine whether the combination of the first, second, and third threat scores is greater than a predetermined threshold; and
  
  a processor configured to create a Common Alerting Protocol data structure based on at least some of the content within the data item and the combined threat score responsive to the content scorer determining that the combined threat score is greater than the predetermined threshold.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16, further comprising a transmitter configured to transmit the Common Alerting Protocol data structure to a decision system.
  - 18. The apparatus of claim 16, further comprising a calibration processor configured to calibrate the semantic classifier by analyzing previously received data items to determine the pre-identified semantic information.
  - 19. The apparatus of claim 18, wherein the calibration processor is configured to:
    - receive feedback from a moderator regarding a previously scored data item; and
      
      amend the pre-identified semantic information based on the feedback.
  - 20. The apparatus of claim 19, wherein the semantic classifier includes a machine learning algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pinkerton Consulting & Investigations, Inc. (Securitas AB)
Original Assignee
Pinkerton Consulting & Investigations, Inc. (Securitas AB)
Inventors
ZAHRAN, JACK I.

Granted Patent

US 9,230,101 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 16/353   into predefined classes

G06F 21/55   Detecting local intrusion o...

H04L 63/1416   Event detection, e.g. attac...

PROVIDING ALERTS BASED ON UNSTRUCTURED INFORMATION METHODS AND APPARATUS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROVIDING ALERTS BASED ON UNSTRUCTURED INFORMATION METHODS AND APPARATUS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links