SYSTEMS AND METHODS FOR DETECTING RESOURCES RESPONSIBLE FOR EVENTS

US 20180191745A1
Filed: 12/26/2017
Published: 07/05/2018
Est. Priority Date: 12/30/2016
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory storing instructions; and

a processor configured to execute the instructions to perform operations comprising;

receiving data associated with a resource;

identifying, based on the data associated with the resource, first actors that have accessed the resource;

determining, based on the first actors, a number of unique actors that have accessed the resource;

identifying, from the first actors, a set of affected actors that have been affected by an event;

identifying, from the set of affected actors, a subset of resource-affected actors comprising the affected actors that accessed the resource prior to being affected by the event;

determining a number of resource-affected actors in the subset of resource-affected actors;

determining an event score for the resource based on the number of unique actors and the number of resource-affected actors, wherein the event score comprises a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors; and

determining whether the resource is responsible for the event based on the event score for the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for identifying resources responsible for events. In one embodiment, a method may include determining a number of unique actors in a plurality of actors that have accessed the resource. The method may further include identifying from the plurality of actors a set of affected actors that has been affected by an event and identifying from the set of affected actors a subset of resource-affected actors that accessed the resource prior to being affected by the event. The method may further include determining a number of resource-affected actors in the subset of resource-affected actors and, based on the number of unique actors and the number of resource-affected actors, determining an event score for the resource. The event score may be a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors.

66 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a memory storing instructions; and
  
  a processor configured to execute the instructions to perform operations comprising;
  
  receiving data associated with a resource;
  
  identifying, based on the data associated with the resource, first actors that have accessed the resource;
  
  determining, based on the first actors, a number of unique actors that have accessed the resource;
  
  identifying, from the first actors, a set of affected actors that have been affected by an event;
  
  identifying, from the set of affected actors, a subset of resource-affected actors comprising the affected actors that accessed the resource prior to being affected by the event;
  
  determining a number of resource-affected actors in the subset of resource-affected actors;
  
  determining an event score for the resource based on the number of unique actors and the number of resource-affected actors, wherein the event score comprises a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors; and
  
  determining whether the resource is responsible for the event based on the event score for the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the confidence interval comprises a Clopper-Pearson interval.
  - 3. The system of claim 1, wherein the confidence interval comprises a Wald Interval.
  - 4. The system of claim 1, wherein determining whether the resource is responsible for the event comprises determining whether the event score exceeds a predetermined threshold.
  - 5. The system of claim 1, further comprising flagging as affected each actor in the first actors when the resource is determined to be responsible for the event.
  - 6. The system of claim 1, wherein:
    - the resource comprises a database;
      
      the first actors comprise a plurality of accounts; and
      
      the event comprises a database breach.
  - 7. The system of claim 1, wherein:
    - the resource comprises a system associated with a merchant;
      
      the first actors comprise a plurality of financial cards; and
      
      the event comprises a fraudulent transaction.
  - 8. The system of claim 1, wherein identifying the first actors that have accessed the resource comprises applying a Bloom filter to the data associated with the resource.
  - 9. The system of claim 1, further comprising:
    - providing invitations to decline authorization for future transactions to customers associated with the first actors, wherein the first actors are financial accounts of the customers.
  - 10. The system of claim 1, wherein determining a number of resource-affected actors in the subset of resource-affected actors further comprises calculating a weighted sum of the subset of resource-affected actors, weighted according to a proportion of a number of accesses for each of the subset of resource-affected actors that were accesses of the resource.

11. A system for real-time identification of security breaches, comprising:
- a memory storing instructions; and
  
  a processor configured to execute the instructions to perform operations comprising;
  
  receiving data associated with a resource;
  
  identifying, in real-time as the data associated with the resource is received, first actors that have accessed the resource;
  
  determining, based on the first actors, a number of unique actors that have accessed the resource;
  
  identifying, from the first actors, a set of affected actors that have been affected by a security breach;
  
  identifying, from the set of affected actors, a subset of resource-affected actors comprising affected actors that accessed the resource prior to being affected by the security breach;
  
  determining a number of resource-affected actors in the subset of resource-affected actors;
  
  determining an event score for the resource based on the number of unique actors and the number of resource-affected actors, wherein the event score comprises a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors; and
  
  determining whether the resource is responsible for the event based on the event score for the resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the confidence interval comprises a Clopper-Pearson interval.
  - 13. The system of claim 11, wherein the confidence interval comprises a Wald Interval.
  - 14. The system of claim 11, wherein determining whether the resource is responsible for the security breach comprises determining whether the event score exceeds a predetermined threshold.
  - 15. The system of claim 11, further comprising flagging as affected each actor in the first actors when the resource is determined to be responsible for the security breach.
  - 16. The system of claim 11, wherein:
    - the resource comprises a database;
      
      the first actors comprise a plurality of accounts; and
      
      the security breach comprises a database breach.
  - 17. The system of claim 11, wherein:
    - the resource comprises a system associated with a merchant;
      
      the first actors comprise a plurality of financial cards; and
      
      the security breach comprises an instance of fraud.
  - 18. The system of claim 11, wherein identifying the first actors that have accessed the resource comprises applying a Bloom filter to the data associated with the resource.
  - 19. The system of claim 11, further comprising:
    - providing invitations to decline authorization for future transactions to customers associated the first actors, wherein the first actors are financial accounts of the customers.
  - 20. The system of claim 11, wherein determining a number of resource-affected actors in the subset of resource-affected actors further comprises calculating a weighted sum of the subset of resource-affected actors, weighted according to a proportion of a number of accesses for each of the subset of resource-affected actors that were accesses of the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors

Granted Patent

US 10,356,110 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/24578   using ranking

G06F 16/9038   Presentation of query results

G06F 21/552   involving long-term monitor...

G06F 21/60   Protecting data

G06N 7/01   Probabilistic graphical mod...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1475   Passive attacks, e.g. eaves...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

SYSTEMS AND METHODS FOR DETECTING RESOURCES RESPONSIBLE FOR EVENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SYSTEMS AND METHODS FOR DETECTING RESOURCES RESPONSIBLE FOR EVENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others