Methods and systems for mass link analysis using rule engines

US 9,154,640 B2
Filed: 12/10/2010
Issued: 10/06/2015
Est. Priority Date: 12/10/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

at a first time, accepting a plurality of indications based on interaction among entities, each indication specifying that a respective pair of the entities are related, and constructing based on the indications a data structure representing relationships among respective pairs of the entities, wherein the data structure is suitable for large-scale link analysis;

at a second time subsequent to the first time, accepting one or more additional indications, and updating the relationships in the data structure based on the additional indications; and

outputting a notification upon detecting that a rule, which is defined over the relationships and is not met at the first time, is met at the second time;

wherein the method is conducted in real time, wherein the notification is output as a graph database, which stores aggregated information about the entities and the relationship between them, wherein the graph database represents each entity as a node, where each node is directly related to one or more other nodes via edges.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A substantially real-time graph-based rule engine that analyzes connectivities, both direct and indirect relationships, between entities stored in a database as the database is updated (e.g., with CDR or financial transaction data). The rule engine uses pre-defined rules to detect events (i.e., the database updates) that influence the relationship between entities in the database. When the database is updated with events (e.g., CDRs), the real-time rule engine compares the update to any relevant rules. If the real-time based rule engine finds a match between a rule and an update to the database, then the rule engine generates a notification, such as an alert. The alerts may be used to provide notification of, e.g, fraudulent activities.

24 Citations

View as Search Results

20 Claims

1. A method, comprising:
- at a first time, accepting a plurality of indications based on interaction among entities, each indication specifying that a respective pair of the entities are related, and constructing based on the indications a data structure representing relationships among respective pairs of the entities, wherein the data structure is suitable for large-scale link analysis;
  
  at a second time subsequent to the first time, accepting one or more additional indications, and updating the relationships in the data structure based on the additional indications; and
  
  outputting a notification upon detecting that a rule, which is defined over the relationships and is not met at the first time, is met at the second time;
  
  wherein the method is conducted in real time, wherein the notification is output as a graph database, which stores aggregated information about the entities and the relationship between them, wherein the graph database represents each entity as a node, where each node is directly related to one or more other nodes via edges.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein the interaction comprises communication among the entities over a communication network.
  - 3. The method according to claim 1, wherein the interaction comprises financial transactions among the entities.
  - 4. The method according to claim 1, wherein the indications comprise Call Detail Records (CDRs).
  - 5. The method according to claim 1, wherein the entities comprise at least one entity type selected from a group of types consisting of an individual, a set of individuals, a communication terminal, a plurality of communication terminals, an organization, an e-mail address, a Web-site, a bank account and a home address.
  - 6. The method according to claim 1, wherein updating the relationships in the data structure comprises storing at least a portion of the data structure in Random Access Memory (RAM), and wherein detecting that the rule is met comprises querying at least the portion of the data structure in the RAM.
  - 7. The method according to claim 1, wherein the rule depends on a distance defined as a shortest sequence of interrelated entities that relate a first entity with a second entity.
  - 8. The method according to claim 7, wherein detecting that the rule is met comprises detecting a change in the distance resulting from an update in the relationships occurring between the first time and the second time.
  - 9. The method according to claim 1, wherein the rule is defined with respect to one or more of the entities that are identified as suspects.
  - 10. The method according to claim 9, wherein the rule identifies a given entity as an additional suspect responsively to at least one relationship between the given entity and the suspects.
  - 11. The method according to claim 9, wherein the rule identifies a change in at least one relationship involving the suspects.

12. Apparatus, comprising:
- a memory; and
  
  a rule processor which is configured to accept, at a first time, a plurality of indications based on interaction among entities, each indication specifying that a respective pair of the entities are related, to construct based on the indications a data structure representing relationships among respective pairs of the entities, wherein the data structure is suitable for large-scale link analysis, to accept, at a second time subsequent to the first time, one or more additional indications, to update the relationships in the data structure based on the additional indications, and to output a notification in real time, wherein the notification is output as a graph database, which stores aggregated information about the entities and the relationship between them, wherein the graph database represents each entity as a node, where each node is directly related to one or more other nodes via edges, upon detecting that a rule, which is defined over the relationships and is not met at the first time, is met at the second time.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The apparatus according to claim 12, wherein the interaction comprises communication among the entities over a communication network.
  - 14. The apparatus according to claim 12, wherein the interaction comprises financial transactions among the entities.
  - 15. The apparatus according to claim 12, wherein the indications comprise Call Detail Records (CDRs).
  - 16. The apparatus according to claim 12, wherein the entities comprise at least one entity type selected from a group of types consisting of an individual, a set of individuals, a communication terminal, a plurality of communication terminals, an organization, an e-mail address, a Web-site, a bank account and a home address.
  - 17. The apparatus according to claim 12, and comprising a Random Access Memory (RAM), wherein the rule processor is configured to store at least a portion of the data structure in the RAM, and to detect that the rule is met by querying at least the portion of the data structure in the RAM.
  - 18. The apparatus according to claim 12, wherein the rule depends on a distance defined as a shortest sequence of interrelated entities that relate a first entity with a second entity.
  - 19. The apparatus according to claim 18, wherein the rule processor is configured to detect that the rule is met by detecting a change in the distance resulting from an update in the relationships occurring between the first time and the second time.
  - 20. The apparatus according to claim 12, wherein the rule is defined with respect to one or more of the entities that are identified as suspects.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cognyte Technologies Israel Ltd. (Cognyte Software Ltd.)
Original Assignee
Verint Systems Limited (Verint Systems Incorporated)
Inventors
Goldfarb, Eithan
Primary Examiner(s)
Laekemariam, Yosef K

Application Number

US12/964,891
Publication Number

US 20110142217A1
Time in Patent Office

1,761 Days
Field of Search

379111-141, 379/88.11, 379/373.03, 379/145, 379/189
US Class Current

1/1
CPC Class Codes

H04M 15/00   Arrangements for metering, ...

H04M 15/41   Billing record details, i.e...

H04M 15/58   based on statistics of usag...

Methods and systems for mass link analysis using rule engines

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for mass link analysis using rule engines

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links