Malicious activity detection system capable of efficiently processing data accessed from databases and generating alerts for display in interactive user interfaces
First Claim
1. A computing system configured to process a large amount of dynamically updating data, the computing system comprising:
a database storing a first table and a second table associated with transaction data received from one or more accounts, wherein the first table comprises a first column header, a second column header, and first data corresponding to the first column header or the second column header, and wherein the second table comprises the first column header, a third column header, a fourth column header, and second data corresponding to the first column header or the third column header;
a computer processor; and
a computer readable storage medium storing program instructions configured for execution by the computer processor in order to cause the computing system to:
select a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with the one or more accounts;
retrieve the first table and the second table from the database;
identify that the first column header is included in the first table and the second table;
determine that the first rule does not use data associated with the fourth column header to determine whether the behavior is risky;
remove the fourth column header from the second table in response to the determination that the first rule does not use data associated with the fourth column header to determine whether the behavior is risky;
execute a join operation to generate a third table using the first column header as a join key, wherein the third table comprises the first column header, the second column header, the third column header, the first data, and the second data and does not comprise the fourth column header;
run the first rule on the third table to determine whether the behavior is risky;
generate an alert in response to a determination that the behavior is risky; and
transmit the alert for display in an interactive user interface.
Abstract
Various systems and methods are provided that retrieve raw data from issuers, reorganize the raw data, analyze the reorganized data to determine whether risky or malicious activity is occurring, and generate alerts to notify users of possible malicious activity. For example, the raw data is included in a plurality of tables. The system joins one or more tables to reorganize the data, using several filtering techniques to reduce the processor load required to perform the join operation. Once the data is reorganized, the system executes one or more rules to analyze the reorganized data. Each rule is associated with a malicious activity. If any of the rules indicates that malicious activity is occurring, the system generates an alert for display to a user in an interactive user interface.
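The prune-then-join flow described in the abstract and in claim 1, as an added Python example that is not part of the patent text: the rule declares which columns it reads, every other column is dropped before the join, and the rule then runs on the joined table. The table contents, column names (`account_id`, `amount`, `status`, `marketing_segment`) and the rule itself are hypothetical and constructed for illustration.

```python
# Added example: prune columns a rule never reads, then join and evaluate.
# All table, column and rule names below are hypothetical; data is constructed.
TRANSACTIONS = [  # first table: account_id (join key) + amount
    {"account_id": "A1", "amount": 250},
    {"account_id": "A2", "amount": 40},
    {"account_id": "A3", "amount": 12000},
    {"account_id": "A4", "amount": 15},   # no matching account row
]
ACCOUNTS = [  # second table: account_id + status + marketing_segment
    {"account_id": "A1", "status": "closed", "marketing_segment": "gold"},
    {"account_id": "A2", "status": "open", "marketing_segment": "basic"},
    {"account_id": "A3", "status": "open", "marketing_segment": "gold"},
]
RULE = {
    "name": "closed_account_or_large_amount",
    "uses": {"amount", "status"},  # columns the predicate reads
    "predicate": lambda r: r["status"] == "closed" or r["amount"] >= 10000,
}

def prune(table, keep):
    """Drop every column not in `keep` before the join touches the rows."""
    return [{c: v for c, v in row.items() if c in keep} for row in table]

def hash_join(left, right, key):
    """Inner join on `key`: index the right table, then probe with the left."""
    index = {}
    for row in right:
        index.setdefault(row[key], []).append(row)
    return [{**l, **r} for l in left for r in index.get(l[key], [])]

def evaluate(rule, first, second, key):
    """Return (joined table, alerts) for one rule over two tables."""
    keep = set(rule["uses"]) | {key}          # the join key always survives
    joined = hash_join(prune(first, keep), prune(second, keep), key)
    alerts = [{"rule": rule["name"], key: row[key], "evidence": row}
              for row in joined if rule["predicate"](row)]
    return joined, alerts

if __name__ == "__main__":
    table, alerts = evaluate(RULE, TRANSACTIONS, ACCOUNTS, "account_id")
    for alert in alerts:
        print(alert)
```

Because the join is an inner join, the `A4` transaction with no account row never reaches the rule; a deployment that must not lose such rows would need a left join and a predicate that tolerates missing columns.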
16 Claims
Specification