Layered graphical event mapping
First Claim
Patent Images
1. A processor-implemented method, comprising:
- receiving fraud information about a plurality of fraud events that were facilitated by a network, the fraud information including, for each of the fraud events, a network address identifying a network point that facilitated the respective fraud event;
receiving network intrusion information about a plurality of intrusion events occurring in the network, where each intrusion event comprises an unauthorized attempt to enter or use a system of the network via a network point, and the network intrusion information includes, for each of the plurality of intrusion events, a network address of the network point associated with the respective intrusion event;
receiving physical crime information associated with a plurality of physical crimes, wherein the physical crime information includes geographical locations that are associated with the plurality of physical crimes, and a description of each of the plurality of physical crimes;
automatically correlating via a processor the network addresses of the network intrusion information and the network addresses of the fraud information with location information for the network points of the network to determine physical locations associated with the plurality of fraud events and physical locations associated with the plurality of intrusion events;
generating via the processor a map of subject specific overlays displaying in layers;
a fraud events overlay of geographical locations of the physical locations associated with the plurality of fraud events, an intrusion events overlay of geographical locations of the physical locations associated with the plurality of intrusion events, and a physical crime events overlay of geographical locations of the physical crime locations;
identifying via the processor geographical pockets of threats derived from the fraud event locations, the intrusion events locations, and the physical crime locations, displayed on the generated multi-overlay map; and
prioritizing via the processor threat response resources according to the identified geographical pockets of threats.
2 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product for graphically overlaying multiple types of events in order to facilitate determining one or more courses of action are each disclosed. Events are received from an event detection system or from another source, correlated with an address or location, and representatively mapped on an electronic map configured to be displayed on a display device. Mapped events may include cyber attacks or intrusions, credit card fraud based on the location of use of the credit card, check (and check-card) fraud based on usage location, 911 calls, law enforcement demographic data, and telecommunications based fraud.
-
Citations
28 Claims
-
1. A processor-implemented method, comprising:
-
receiving fraud information about a plurality of fraud events that were facilitated by a network, the fraud information including, for each of the fraud events, a network address identifying a network point that facilitated the respective fraud event; receiving network intrusion information about a plurality of intrusion events occurring in the network, where each intrusion event comprises an unauthorized attempt to enter or use a system of the network via a network point, and the network intrusion information includes, for each of the plurality of intrusion events, a network address of the network point associated with the respective intrusion event; receiving physical crime information associated with a plurality of physical crimes, wherein the physical crime information includes geographical locations that are associated with the plurality of physical crimes, and a description of each of the plurality of physical crimes; automatically correlating via a processor the network addresses of the network intrusion information and the network addresses of the fraud information with location information for the network points of the network to determine physical locations associated with the plurality of fraud events and physical locations associated with the plurality of intrusion events; generating via the processor a map of subject specific overlays displaying in layers;
a fraud events overlay of geographical locations of the physical locations associated with the plurality of fraud events, an intrusion events overlay of geographical locations of the physical locations associated with the plurality of intrusion events, and a physical crime events overlay of geographical locations of the physical crime locations;identifying via the processor geographical pockets of threats derived from the fraud event locations, the intrusion events locations, and the physical crime locations, displayed on the generated multi-overlay map; and prioritizing via the processor threat response resources according to the identified geographical pockets of threats. - View Dependent Claims (2, 3, 4, 5, 11, 12, 13, 14, 15, 16, 24, 25, 26, 27, 28)
-
-
6. A system comprising:
-
a fraud detection system configured to electronically review call detail records and identify suspected fraudulent events that were facilitated by a network, thereby creating fraud information that includes, for each of the fraud events, a network address identifying a network point that facilitated the respective fraud event; an intrusion detection system configured to electronically review network information and identify network intrusion events occurring in the network, where each intrusion event comprises an unauthorized attempt to enter or use a system of the network via a network point, thereby generating network intrusion information that includes, for each of the plurality of network intrusion events, a network address of the network point associated with the respective network intrusion event; a physical crimes database configured to electronically store locations of occurrences of physical crimes; a location/GPS engine configured to automatically correlate said network addresses of fraud information with one or more physical locations according to the call detail records, automatically correlate said network addresses of the network intrusion information with one or more physical locations, and obtain from said physical crimes database the locations of said occurrences of physical crimes; and an electronic mapping system configured to receive fraud-location information indicating physical locations associated with the fraud events from said location/GPS engine, map said fraud-location information according to a fraud events overlay on an electronic multi-overlay map that is displayed on a display device, receive network-intrusion-location information indicating physical locations associated with the network intrusion events from said location/GPS engine, map said network-intrusion-location information on an intrusion events overlay of the electronic multi-overlay map that is displayed on the display device, receive physical-crime-location information indicating the locations of said occurrences of physical crimes from said location/GPS engine, map said physical-crime-location information on a physical crime events overlay of the electronic multi-overlay map that is displayed on the display device, identify geographical pockets of threats derived from the physical location information displayed on the electronic multi-overlay map, and prioritize threat response resources according to the identified geographical pockets of threats. - View Dependent Claims (7, 8, 9, 10)
-
-
17. A system comprising:
-
a fraud database comprised of fraud information associated with a plurality of fraud events that were facilitated by a network, the fraud information including, for each of the fraud events, a network address identifying a network point that facilitated the respective fraud event; an intrusion database comprised of intrusion information about a plurality of intrusion events occurring in the network, where each intrusion event comprises an unauthorized attempt to enter or use a system of the network via a network point, and the network intrusion information includes, for each of the plurality of intrusion events, a network address of the network point associated with the respective intrusion event; a physical crimes database comprised of physical crime information that is associated with at least the locations of the occurrences of a plurality of physical crimes; a location/GPS engine configured to receive said fraud information from said fraud database and said intrusion information from said intrusion database, correlate the network addresses of said fraud information with physical locations thereby obtaining physical locations associated with the fraud events, and correlate the network addresses of said intrusion information with physical locations thereby obtaining physical locations associated with the intrusion events; a mapping database configured to receive at least said physical locations of the fraud events and said physical locations of the intrusion events from said location/GPS engine and said locations of the occurrences of the plurality of physical crimes from the physical crimes database to form mapping information; and an electronic mapping system map that is configured to retrieve said mapping information from said mapping database, display in layers said physical locations of said fraud events in a fraud events overlay, said physical locations of the intrusion events in an intrusion events overlay, and the physical locations of said physical crimes via computer-generated icons in a physical crime events overlay, on an electronic multi-overlay map that is displayed on a display device, size the computer-generated icons on the display device according to a magnitude of a respective activity represented by the respective computer-generated icons, identify geographical pockets of threats derived from the fraud event locations, the identified network point locations, and the physical crime locations, displayed on the multi-overlay map, and prioritize via the processor threat response resources according to the identified geographical pockets of threats. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification