ORDER CLUSTERING AND MALICIOUS INFORMATION COMBATING METHOD AND APPARATUS

US 20200134702A1
Filed: 12/19/2019
Published: 04/30/2020
Est. Priority Date: 11/18/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for order clustering in a distributed order system performed by one or more processors comprising:

receiving, by the one or more processors over a network, order information for an order representing an electronic transaction in the distributed order system for a product or a service;

generating, by the one or more processors, a unique order identifier (ID) and order content based on the received order information;

creating, by the one or more processors, an order vector for the order based on the order content;

adding, by the one or more processors, the order to an order cluster based on a similarity between the created order vector and a representative order vector corresponding to a representative order in the order cluster;

analyzing, by the one or more processors, the representative order vector corresponding to the representative order in the order cluster to determine if the representative order is malicious; and

when a determination is made that the representative order is malicious, performing, by the one or more processors, malicious order processing on the orders in the order cluster.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Order information for an order representing an electronic transaction in the distributed order system for a product or a service is received by one or more processors over a network. A unique order ID and order content based on the received order information are generated. An order vector for the order is created based on the order content. The order is added to an order cluster based on a similarity between the created order vector and a representative order vector corresponding to a representative order in the order cluster. The representative order vector corresponding to the representative order in the order cluster is analyzed to determine if the representative order is malicious. A determination is made as to whether the representative order is malicious. If the representative order is malicious, then malicious order processing is performed on the orders in the order cluster.

Citations

20 Claims

1. A computer-implemented method for order clustering in a distributed order system performed by one or more processors comprising:
- receiving, by the one or more processors over a network, order information for an order representing an electronic transaction in the distributed order system for a product or a service;
  
  generating, by the one or more processors, a unique order identifier (ID) and order content based on the received order information;
  
  creating, by the one or more processors, an order vector for the order based on the order content;
  
  adding, by the one or more processors, the order to an order cluster based on a similarity between the created order vector and a representative order vector corresponding to a representative order in the order cluster;
  
  analyzing, by the one or more processors, the representative order vector corresponding to the representative order in the order cluster to determine if the representative order is malicious; and
  
  when a determination is made that the representative order is malicious, performing, by the one or more processors, malicious order processing on the orders in the order cluster.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein adding the order to the order cluster comprises mapping the content of the order to a characteristic string that is shared by the existing order vectors in the order cluster.
  - 3. The computer-implemented method of claim 2, further comprising:
    - determining that the characteristic string of the created order vector does not match the characteristic string of the existing order vectors in the order cluster; and
      
      creating a new order cluster that includes the created order vector.
  - 4. The computer-implemented method of claim 1, wherein determining that the representative order is malicious includes determining that order remark information embedded in the representative order vector includes a uniform resource locator (URL) address of a phishing website.
  - 5. The computer-implemented method of claim 1, wherein determining that the representative order is malicious includes determining that order remark information for the order embedded in the representative order vector includes promotional information that is malicious, wherein the promotional information includes one or both of promotional text and a promotional image.
  - 6. The computer-implemented method of claim 1, wherein creating the order vector for the order using the order ID and the order content includes converting the order content to a term frequency-inverse document frequency (TF-IDF) vector representing the order content, wherein the TF-IDF vector is operable to be analyzed for containing malicious indicators.
  - 7. The computer-implemented method of claim 1, wherein generating the unique order ID is based on a user ID, an order ID, and a product or service type in the order information for the order, and wherein generating the order content is based on one or both of an order title or order remark information in the order information for the order.

8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- receiving, by the one or more processors over a network, order information for an order representing an electronic transaction in the distributed order system for a product or a service;
  
  generating, by the one or more processors, a unique order identifier (ID) and order content based on the received order information;
  
  creating, by the one or more processors, an order vector for the order based on the order content;
  
  adding, by the one or more processors, the order to an order cluster based on a similarity between the created order vector and a representative order vector corresponding to a representative order in the order cluster;
  
  analyzing, by the one or more processors, the representative order vector corresponding to the representative order in the order cluster to determine if the representative order is malicious; and
  
  when a determination is made that the representative order is malicious, performing, by the one or more processors, malicious order processing on the orders in the order cluster.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory, computer-readable medium of claim 8, wherein adding the order to the order cluster comprises mapping the content of the order to a characteristic string that is shared by the existing order vectors in the order cluster.
  - 10. The non-transitory, computer-readable medium of claim 9, the operations further comprising:
    - determining that the characteristic string of the created order vector does not match the characteristic string of the existing order vectors in the order cluster; and
      
      creating a new order cluster that includes the created order vector.
  - 11. The non-transitory, computer-readable medium of claim 8, wherein determining that the representative order is malicious includes determining that order remark information embedded in the representative order vector includes a uniform resource locator (URL) address of a phishing website.
  - 12. The non-transitory, computer-readable medium of claim 8, wherein determining that the representative order is malicious includes determining that order remark information for the order embedded in the representative order vector includes promotional information that is malicious, wherein the promotional information includes one or both of promotional text and a promotional image.
  - 13. The non-transitory, computer-readable medium of claim 8, wherein creating the order vector for the order using the order ID and the order content includes converting the order content to a term frequency-inverse document frequency (TF-IDF) vector representing the order content, wherein the TF-IDF vector is operable to be analyzed for containing malicious indicators.
  - 14. The non-transitory, computer-readable medium of claim 8, wherein generating the unique order ID is based on a user ID, an order ID, and a product or service type in the order information for the order, and wherein generating the order content is based on one or both of an order title or order remark information in the order information for the order.

15. A computer-implemented system, comprising:
- one or more computers; and
  
  one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising;
  
  receiving, by the one or more processors over a network, order information for an order representing an electronic transaction in the distributed order system for a product or a service;
  
  generating, by the one or more processors, a unique order identifier (ID) and order content based on the received order information;
  
  creating, by the one or more processors, an order vector for the order based on the order content;
  
  adding, by the one or more processors, the order to an order cluster based on a similarity between the created order vector and a representative order vector corresponding to a representative order in the order cluster;
  
  analyzing, by the one or more processors, the representative order vector corresponding to the representative order in the order cluster to determine if the representative order is malicious; and
  
  when a determination is made that the representative order is malicious, performing, by the one or more processors, malicious order processing on the orders in the order cluster.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented system of claim 15, wherein adding the order to the order cluster comprises mapping the content of the order to a characteristic string that is shared by the existing order vectors in the order cluster.
  - 17. The computer-implemented system of claim 16, the operations further comprising:
    - determining that the characteristic string of the created order vector does not match the characteristic string of the existing order vectors in the order cluster; and
      
      creating a new order cluster that includes the created order vector.
  - 18. The computer-implemented system of claim 15, wherein determining that the representative order is malicious includes determining that order remark information embedded in the representative order vector includes a uniform resource locator (URL) address of a phishing website.
  - 19. The computer-implemented system of claim 15, wherein determining that the representative order is malicious includes determining that order remark information for the order embedded in the representative order vector includes promotional information that is malicious, wherein the promotional information includes one or both of promotional text and a promotional image.
  - 20. The computer-implemented system of claim 15, wherein creating the order vector for the order using the order ID and the order content includes converting the order content to a term frequency-inverse document frequency (TF-IDF) vector representing the order content, wherein the TF-IDF vector is operable to be analyzed for containing malicious indicators.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Original Assignee
Alibaba Group Holding Ltd.
Inventors
Li, Jiuxi

Granted Patent

US 11,100,567 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 16/35   Clustering; Classification

G06F 16/907   Retrieval characterised by ...

G06F 16/9566   URL specific, e.g. using al...

G06F 18/23   Clustering techniques

G06Q 30/0185   Product, service or busines...

G06Q 30/0635   Processing of requisition o...

H04L 63/1483   service impersonation, e.g....

ORDER CLUSTERING AND MALICIOUS INFORMATION COMBATING METHOD AND APPARATUS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ORDER CLUSTERING AND MALICIOUS INFORMATION COMBATING METHOD AND APPARATUS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links