Systems and methods for anomaly detection in patterns of monitored communications
Abstract
The present invention is directed to systems and methods for enhancing electronic communication security. A communication transmitted over a communications network is received and tested by a collection engine to generate data associated with the received communication. An analysis engine analyzes the data generated by the collection engine along with data associated with previously received communications to determine whether an anomaly exists. If an anomaly exists with respect to the received communication, an action engine initiates a predetermined response.
43 Claims
1. A system for detecting an anomalous communication transmitted over a communications network, the system comprising:
a) an interface coupling the system with the communications network;
b) a system data store capable of storing data associated with communications transmitted over the communications network and information associated with one or more responses to be initiated if an anomaly is detected;
c) a system processor in communication with the interface and the data store, wherein the system processor comprises one or more processing elements and wherein the system processor executes:
   i) a collection engine that:
      1) receives a communication via the interface; and
      2) generates data associated with the received communication by applying one or more tests to the received communication;
   ii) an analysis engine that detects whether an anomaly exists with respect to the received communication based upon the data generated by the collection engine and data associated with previously received communications from the system data store; and
   iii) an action engine that initiates a predetermined response from the system data store if an anomaly was detected by the analysis engine;
wherein the analysis engine detects whether an anomaly exists by:
   1) determining a set of anomaly types of interest;
   2) for each of the anomaly types of interest in the determined set,
      (a) acquiring one or more anomaly thresholds associated with the respective anomaly type based at least in part upon accumulated data associated with received communications from the system data store;
      (b) comparing information in the stored risk profile against at least one of the acquired one or more anomaly thresholds; and
      (c) determining whether an anomaly of the respective anomaly type exists with respect to the received communication based upon the comparison.
Dependent claims: 2-26.
27. A method for detecting an anomalous communication transmitted over a communication network, the method comprising the steps of:
a) receiving a communication transmitted over a communication network;
b) applying one or more tests to the received communication to generate data associated with the received communication;
c) acquiring data associated with one or more previously received communications;
d) detecting whether an anomaly exists with respect to the received communication based upon the generated data and acquired data; and
e) initiating a predetermined response if an anomaly was detected,
wherein the step of detecting whether an anomaly exists comprises:
   i) determining a set of anomaly types of interest;
   ii) for each of the anomaly types of interest in the determined set,
      1) acquiring one or more anomaly thresholds associated with the respective anomaly type based at least in part upon the acquired data associated with one or more previously received communications;
      2) comparing information in the stored risk profile against at least one of the acquired one or more anomaly thresholds; and
      3) determining whether an anomaly of the respective anomaly type exists with respect to the received communication based upon the comparison.
Dependent claims: 28-38.
39. Computer readable storage media storing instructions that upon execution by a system processor cause the system processor to detect an anomalous communication transmitted over a communication network, the media having stored instruction that cause the system processor to perform the steps comprising of:
a) receiving a communication transmitted over a communication network;
b) applying one or more tests to the received communication to generate data associated with the received communication;
c) acquiring data associated with one or more previously received communications;
d) detecting whether an anomaly exists with respect to the received communication based upon the generated data and acquired data; and
e) initiating a predetermined response if an anomaly was detected
wherein the instructions causing the system processor to detect whether an anomaly exists comprise instructions causing the system processor to perform the steps comprising of:
   i) determining a set of anomaly types of interest;
   ii) for each of the anomaly types of interest in the determined set,
      1) acquiring one or more anomaly thresholds associated with the respective anomaly type based at least in part upon the acquired data associated with one or more previously received communications;
      2) comparing information in the stored risk profile against at least one of the acquired one or more anomaly thresholds; and
      3) determining whether an anomaly of the respective anomaly type exists with respect to the received communication based upon the comparison.
Dependent claims: 40-43.
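The collection, analysis and action flow recited in claims 1, 27 and 39, as an added Python sketch that is not taken from the patent or from any product. The three tests, the response names, the mean-plus-k-standard-deviations threshold with a minimum spread, the upper-bound-only comparison and the choice to keep flagged messages out of the baseline are all assumptions of this example.

```python
from statistics import mean, pstdev

# Collection-engine tests (assumed): each maps a message to one number.
TESTS = {
    "size": lambda m: len(m["body"]),
    "recipients": lambda m: len(m["to"]),
    "attachments": lambda m: len(m["attachments"]),
}
# Predetermined responses held in the data store, per anomaly type (assumed).
RESPONSES = {"size": "quarantine", "recipients": "alert_admin",
             "attachments": "quarantine"}

class DataStore:
    """Accumulated per-test values from previously received communications."""
    def __init__(self, min_history=5, k=3.0, min_spread=1.0):
        self.history = {name: [] for name in TESTS}
        self.min_history, self.k, self.min_spread = min_history, k, min_spread

    def threshold(self, anomaly_type):
        values = self.history[anomaly_type]
        if len(values) < self.min_history:
            return None  # cold start: too little data to derive a threshold
        # mean + k * stddev; the floor stops a near-constant history from
        # flagging a change of one unit
        return mean(values) + self.k * max(pstdev(values), self.min_spread)

def collect(message):
    """Collection engine: apply every test, return the message's profile."""
    return {name: test(message) for name, test in TESTS.items()}

def analyze(store, profile, types_of_interest):
    """Analysis engine: per anomaly type, acquire a threshold and compare."""
    anomalies = []
    for anomaly_type in types_of_interest:
        limit = store.threshold(anomaly_type)
        if limit is not None and profile[anomaly_type] > limit:
            anomalies.append(anomaly_type)
    return anomalies

def process(store, message, types_of_interest=tuple(TESTS)):
    """Run collection, analysis and action; return the responses initiated."""
    profile = collect(message)
    anomalies = analyze(store, profile, types_of_interest)
    if not anomalies:  # flagged traffic must not shift the baseline
        for name, value in profile.items():
            store.history[name].append(value)
    return [RESPONSES[a] for a in anomalies]  # action engine

def message(size, recipients, attachments=0):
    """Build a constructed sample message (not real traffic)."""
    to = ["user%d@example.test" % i for i in range(recipients)]
    return {"body": "x" * size, "to": to, "attachments": ["f"] * attachments}

# Constructed baseline traffic: (size, recipients, attachments).
BASELINE = [message(900, 1), message(1100, 2), message(1000, 1, 1),
            message(1200, 1), message(950, 2), message(1050, 1)]
```

Until `min_history` messages have been stored the analysis step has no threshold and flags nothing, so a deployment needs a trusted warm-up period or seeded baseline data.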