System and method for detecting fraudulent network usage patterns using real-time network monitoring
Abstract
A computerized system and method for detecting fraudulent network usage patterns using real-time network monitoring of at least two disparate networks is shown which receives at least one event record from each of the disparate networks, analyzes each of the received event records to determine its type based on user-defined parameters, identifies predetermined fields in the analyzed event record to be used as keys, measures network usage associated with the key, summarizes usage statistics against at least one of the keys, compares statistic totals to predefined thresholds, and responds with an alarm or the like when the thresholds are met or exceeded.
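The pipeline the abstract describes, sketched as an added example that is not code from the patent: the record fields, type rules, key choices and thresholds are all hypothetical, and the sample event records are constructed.

```python
from collections import defaultdict

# User-defined parameters (all hypothetical): record-type rules, the fields
# pre-selected as keys, the measured field, and (type, key, statistic) limits.
TYPE_RULES = [
    ("intl_call", lambda r: r.get("net") == "voice" and r.get("dialed", "").startswith("011")),
    ("data_session", lambda r: r.get("net") == "ip"),
]
KEYS = {"intl_call": ["ani", "calling_card"], "data_session": ["account"]}
MEASURE = {"intl_call": "secs", "data_session": "bytes"}
THRESHOLDS = {
    ("intl_call", "calling_card", "count"): 3,
    ("data_session", "account", "sum"): 10_000_000,
}

def classify(record):
    """Return the first user-defined type whose rule matches, else None."""
    return next((name for name, rule in TYPE_RULES if rule(record)), None)

def detect(records):
    """Summarise usage per (type, key field, key value); return alarms raised."""
    totals = defaultdict(lambda: {"count": 0, "sum": 0})
    alarmed, alarms = set(), []
    for rec in records:
        rtype = classify(rec)
        if rtype is None:
            continue  # matches no user-defined type
        for field in KEYS[rtype]:
            if field not in rec:
                continue  # record carries no value for this key
            slot = (rtype, field, rec[field])
            totals[slot]["count"] += 1
            totals[slot]["sum"] += rec.get(MEASURE[rtype], 0)
            for stat, total in totals[slot].items():
                limit = THRESHOLDS.get((rtype, field, stat))
                if limit is not None and total >= limit and (slot, stat) not in alarmed:
                    alarmed.add((slot, stat))  # respond once per key and statistic
                    alarms.append((rtype, field, rec[field], stat, total))
    return alarms

# Constructed event records from two disparate networks, interleaved as received.
EVENTS = [
    {"net": "voice", "ani": "5550100", "calling_card": "CC-1", "dialed": "0114420", "secs": 900},
    {"net": "ip", "account": "acct-7", "bytes": 6_000_000},
    {"net": "voice", "ani": "5550101", "calling_card": "CC-1", "dialed": "0113312", "secs": 60},
    {"net": "voice", "ani": "5550100", "dialed": "2125550", "secs": 4000},
    {"net": "ip", "account": "acct-7", "bytes": 5_000_000},
    {"net": "voice", "ani": "5550102", "calling_card": "CC-1", "dialed": "0118120", "secs": 30},
]
```

Keying on `calling_card` as well as `ani` is what lets one card used from three different originating numbers reach its count threshold, even though no single originating number would.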
17 Claims
1. A computerized fraud detection system for detecting network usage patterns indicative of fraud from at least two disparate networks, each of said networks providing event records resulting from use of the respective network, comprising:
- at least one data collector concurrently connected to each of said disparate networks for receiving at least one event record from each of said disparate networks, wherein said event record comprises a plurality of fields;
- at least one interface for analyzing each of said at least one received event record to determine its type based on user-defined parameters; and
- a fraud detection engine for identifying predetermined fields in said at least one analyzed event record to be used as keys, wherein said user pre-selects at least one of any field in said event record to be a key, for measuring usage associated with said key, for summarizing usage statistics against at least one of said keys in said at least one event record, for comparing statistic totals to predefined thresholds, and for responding when said thresholds are met or exceeded.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method performed by a computer for detecting network usage patterns indicative of fraud from at least two disparate networks, each of said networks providing event records resulting from use of the respective network, comprising the steps of:
- receiving at least one event record from each of said disparate networks with which said computer is concurrently connected, wherein said event record comprises a plurality of fields;
- analyzing each of said at least one received event record to determine its type based on user-defined parameters;
- identifying predetermined fields in said at least one analyzed event record to be used as keys, wherein said user pre-selects at least one of any field in said event record to be a key;
- measuring usage associated with said key;
- summarizing usage statistics against at least one of said keys in said at least one event record;
- comparing statistic totals to predefined thresholds; and
- responding when said thresholds are met or exceeded.
Dependent claims: 13
14. A method for assisting in fraud analysis, which method is performed by a computer for detecting network usage patterns indicative of fraud from at least two disparate networks, each of said networks providing event records resulting from use of the respective network, comprising the steps of:
- receiving at least one event record from each of said disparate networks with which said computer is concurrently connected, wherein said event record comprises a plurality of fields;
- analysing each of said at least one received event record to determine its type based on user-defined parameters;
- identifying predetermined fields in said at least one analyzed event record to be used as keys, wherein said user pre-selects at least one of any field in said event record to be a key;
- measuring usage associated with said key;
- summarizing usage statistics against at least one of said keys in said at least one event record;
- storing said record, said measured usage, and said summarized usage statistics in a database; and
- responding to ad hoc queries from a fraud analyst.
Dependent claims: 15, 16, 17
Specification