SYSTEM AND METHOD OF DETECTING FRAUDULENT USER TRANSACTIONS

US 20170243223A1
Filed: 06/08/2016
Published: 08/24/2017
Est. Priority Date: 02/18/2016
Status: Active Grant

First Claim

Patent Images

1. A method for detecting fraudulent activity in user transactions, the method comprising:

collecting user behavior data during user'"'"'s interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device;

calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data;

calculating, by the processor, a combination of the anomalous user behavior coefficients;

detecting, by the processor, a fraudulent activity when the combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and

in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are system and method for detecting fraudulent activity in user transactions. An exemplary method comprising: collecting user behavior data during user'"'"'s interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device; calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data; detecting, by the processor, a fraudulent activity when a combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.

Citations

21 Claims

1. A method for detecting fraudulent activity in user transactions, the method comprising:
- collecting user behavior data during user'"'"'s interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device;
  
  calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data;
  
  calculating, by the processor, a combination of the anomalous user behavior coefficients;
  
  detecting, by the processor, a fraudulent activity when the combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and
  
  in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the user'"'"'s interaction with one or more groups of elements involves the user performing a financial transaction via one of a banking application, banking website, or an automated teller machine.
  - 3. The method of claim 1, wherein collecting user behavior further includes:
    - performing depersonalization of the collected user data by generating a hashsum of the data.
  - 4. The method of claim 1, wherein calculating an anomalous user behavior coefficient includes training a behavior classification algorithm using know behavior of the user.
  - 5. The method of claim 1, wherein the anomalous user behavior coefficient is a numerical value calculated by applying simple probabilistic classifier to the collected user behavior data.
  - 6. The method of claim 1, wherein the user behavior data used for calculating an anomalous user behavior coefficient for a group of elements of the graphical user interface includes one or more of:
    - a number of times the users access a group of elements of the graphical interface;
      
      a number of groups of elements of the graphical interface by interacting with which the user can obtain access to another group of elements of the graphical interface;
      
      a number of elementary actions of the user needed to complete a transaction, wherein an elementary action includes one or more of a moving a mouse cursor, pressing a key of an input device, moving of a user'"'"'s finger or a stylus across the screen of the computing device without lifting off from the screen surface, touching of a user'"'"'s finger or the stylus to the screen of the computing device; and
      
      a number of known cases of fraudulent activity carried out on behalf of the user in an established period of time.
  - 7. The method of claim 1, wherein in response to detecting a fraudulent activity, classifying the application performing the fraudulent activity as malicious.

8. A system for detecting fraudulent activity in user transactions, the system comprising:
- a hardware processor configured to;
  
  collect user behavior data during user'"'"'s interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device;
  
  calculate an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data;
  
  calculate a combination of the anomalous user behavior coefficients;
  
  detect a fraudulent activity when the combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and
  
  in response to detecting a fraudulent activity, block the interaction of the user with the application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the user'"'"'s interaction with one or more groups of elements involves the user performing a financial transaction via one of a banking application, banking website, or an automated teller machine.
  - 10. The system of claim 8, wherein collecting user behavior further includes:
    - performing depersonalization of the collected user data by generating a hashsum of the data.
  - 11. The system of claim 8, wherein calculating an anomalous user behavior coefficient includes training a behavior classification algorithm using know behavior of the user.
  - 12. The system of claim 8, wherein the anomalous user behavior coefficient is a numerical value calculated by applying simple probabilistic classifier to the collected user behavior data.
  - 13. The system of claim 8, wherein the user behavior data used for calculating an anomalous user behavior coefficient for a group of elements of the graphical user interface includes one or more of:
    - a number of times the users access a group of elements of the graphical interface;
      
      a number of groups of elements of the graphical interface by interacting with which the user can obtain access to another group of elements of the graphical interface;
      
      a number of elementary actions of the user needed to complete a transaction, wherein an elementary action includes one or more of a moving a mouse cursor, pressing a key of an input device, moving of a user'"'"'s finger or a stylus across the screen of the computing device without lifting off from the screen surface, touching of a user'"'"'s finger or the stylus to the screen of the computing device; and
      
      a number of known cases of fraudulent activity carried out on behalf of the user in an established period of time.
  - 14. The system of claim 8, wherein in response to detecting a fraudulent activity, classifying the application performing the fraudulent activity as malicious.

15. A non-transitory computer readable medium storing computer executable instructions for detecting fraudulent activity in user transactions, including instructions for:
- collecting user behavior data during user'"'"'s interaction via an input device with one or more groups of elements of a graphical interface of an application on a computing device;
  
  calculating, by a processor, an anomalous user behavior coefficient for each group of elements of the graphical interface based on the collected user behavior data;
  
  calculating, by the processor, a combination of the anomalous user behavior coefficients;
  
  detecting, by the processor, a fraudulent activity when the combination of anomalous user behavior coefficients exceeds a predetermined threshold value; and
  
  in response to detecting a fraudulent activity, blocking, by the processor, the interaction of the user with the application.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer readable medium of claim 15, wherein the user'"'"'s interaction with one or more groups of elements involves the user performing a financial transaction via one of a banking application, banking website, or an automated teller machine.
  - 17. The non-transitory computer readable medium of claim 15, wherein collecting user behavior further includes:
    - performing depersonalization of the collected user data by generating a hashsum of the data.
  - 18. The non-transitory computer readable medium of claim 15, wherein calculating an anomalous user behavior coefficient includes training a behavior classification algorithm using know behavior of the user.
  - 19. The non-transitory computer readable medium of claim 15, wherein the anomalous user behavior coefficient is a numerical value calculated by applying simple probabilistic classifier to the collected user behavior data.
  - 20. The non-transitory computer readable medium of claim 15, wherein the user behavior data used for calculating an anomalous user behavior coefficient for a group of elements of the graphical user interface includes one or more of:
    - a number of times the users access a group of elements of the graphical interface;
      
      a number of groups of elements of the graphical interface by interacting with which the user can obtain access to another group of elements of the graphical interface;
      
      a number of elementary actions of the user needed to complete a transaction, wherein an elementary action includes one or more of a moving a mouse cursor, pressing a key of an input device, moving of a user'"'"'s finger or a stylus across the screen of the computing device without lifting off from the screen surface, touching of a user'"'"'s finger or the stylus to the screen of the computing device; and
      
      a number of known cases of fraudulent activity carried out on behalf of the user in an established period of time.
  - 21. The non-transitory computer readable medium of claim 15, wherein in response to detecting a fraudulent activity, classifying the application performing the fraudulent activity as malicious.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Lab A.O. Kaspersky
Inventors
Kolotinsky, Evgeny B., Skvortsov, Vladimir A.

Granted Patent

US 10,235,673 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06F 3/033   Pointing devices displaced ...

G06F 3/0484   for the control of specific...

G06F 3/0488   using a touch-screen or dig...

G06Q 20/1085   involving automatic teller ...

G06Q 20/4016   involving fraud or risk lev...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/02   Banking, e.g. interest calc...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

SYSTEM AND METHOD OF DETECTING FRAUDULENT USER TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD OF DETECTING FRAUDULENT USER TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links