Detection of account hijacking in a social network
First Claim
Patent Images
1. A method of protecting a user of a social network, comprising the steps of:
- (a) monitoring activity of the user on the social network during a baseline monitoring period to determine a baseline activity record, said monitoring including;
if an instance of said activity is suspicious, asking the user whether said instance is a normal activity instance of said user;
(b) monitoring activity of the user on the social network subsequent to said baseline monitoring period;
(c) determining whether said activity of the user on the social network subsequent to said baseline monitoring deviates sufficiently from said baseline activity record to indicate abuse of the user'"'"'s account on the social network; and
(d) if said activity of the user on the social network subsequent to said baseline monitoring deviates sufficiently from said baseline activity record to indicate abuse of the user'"'"'s account on the social network;
mitigating said abuse.
1 Assignment
0 Petitions
Accused Products
Abstract
To protect a user of a social network, the user'"'"'s activity is monitored during a baseline monitoring period to determine a baseline activity record. If subsequently monitored activity of the user deviates sufficiently from the baseline activity record to indicate abuse (hijacking) of the user'"'"'s account, the abuse is mitigated, for example by notifying the user of the abuse. Monitored activity includes posting links, updating statuses, sending messages, and changing a profile. Monitoring also includes logging times of the user activity. Monitoring anomalous profile changes does not need a baseline.
-
Citations
26 Claims
-
1. A method of protecting a user of a social network, comprising the steps of:
-
(a) monitoring activity of the user on the social network during a baseline monitoring period to determine a baseline activity record, said monitoring including;
if an instance of said activity is suspicious, asking the user whether said instance is a normal activity instance of said user;(b) monitoring activity of the user on the social network subsequent to said baseline monitoring period; (c) determining whether said activity of the user on the social network subsequent to said baseline monitoring deviates sufficiently from said baseline activity record to indicate abuse of the user'"'"'s account on the social network; and (d) if said activity of the user on the social network subsequent to said baseline monitoring deviates sufficiently from said baseline activity record to indicate abuse of the user'"'"'s account on the social network;
mitigating said abuse. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A system for managing a social network, comprising:
-
(a) a memory for storing code for protecting a user of the social network by; (i) monitoring activity of said user on the social network during a baseline monitoring period to determine a baseline activity record, said monitoring including;
if an instance of said activity is suspicious, asking the user whether said instance is a normal activity instance of said user,(ii) monitoring activity of said user on the social network subsequent to said baseline monitoring period, (iii) determining whether said activity of said user on the social network subsequent to said baseline monitoring deviates sufficiently from said baseline activity record to indicate abuse of said user'"'"'s account on the social network, and (iv) if said activity of said user on the social network subsequent to said baseline monitoring deviates sufficiently from said baseline activity record to indicate abuse of said user'"'"'s account on the social network;
mitigating said abuse; and(b) a processor for executing said code.
-
-
26. A non-transitory computer-readable storage medium having embodied thereon computer-readable code for protecting a user of a social network, the computer-readable code comprising:
-
(a) program code for monitoring activity of the user on the social network during a baseline monitoring period to determine a baseline activity record, said monitoring including;
if an instance of said activity is suspicious, asking the user whether said instance is a normal activity instance of said user;(b) program code for monitoring activity of the user on the social network subsequent to said baseline monitoring period; (c) program code for determining whether said activity of the user on the social network subsequent to said baseline monitoring deviates sufficiently from said baseline activity record to indicate abuse of the user'"'"'s account on the social network; and (d) program code for;
if said activity of the user on the social network subsequent to said baseline monitoring deviates sufficiently from said baseline activity record to indicate abuse of the user'"'"'s account on the social network;
mitigating said abuse.
-
Specification