
Systems and methods for detecting compromised messaging accounts

  • US 9,756,007 B1
  • Filed: 12/18/2013
  • Issued: 09/05/2017
  • Est. Priority Date: 12/18/2013
  • Status: Active Grant
First Claim

1. A computer-implemented method for detecting compromised messaging accounts, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

  • maintaining a behavior database that associates messaging accounts of a plurality of users with messaging behaviors that typify each messaging account by;

    extracting, from each of the messaging accounts, messaging features that describe stylistic and compositional traits of messages sent by the messaging accounts;

    for each messaging account, identifying, based on the extracted messaging features, messaging behaviors that typify the messaging account by;

      determining a frequency with which the messaging account displays at least one messaging behavior;

      determining that the frequency with which the messaging account displays the messaging behavior exceeds a frequency with which at least one other messaging account displays the messaging behavior; and

      weighting the messaging behavior based on a comparison between the frequency with which the messaging account displays the messaging behavior and the frequency with which the other messaging account displays the messaging behavior;

    identifying, based on the extracted messaging features, messaging behaviors that do not typify any of the messaging accounts of the plurality of users by identifying messaging behaviors that are displayed with a similar frequency by at least most of the messaging accounts of the plurality of users; and

    associating, in the behavior database, each of the messaging accounts of the plurality of users with the weighted messaging behaviors that typify each messaging account and not the messaging behaviors that do not typify any of the messaging accounts of the plurality of users;

  • detecting an attempt by a user to send a message from one of the messaging accounts of the plurality of users;

  • determining, by comparing features of the message with the weighted messaging behaviors associated with the messaging account in the behavior database, that the messaging account has potentially been compromised; and

  • in response to the determination that the messaging account has potentially been compromised, verifying that the user is an owner of the messaging account.
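The steps of the claim can be followed in a small sketch, added here as an illustration and not taken from the patent or its assignee. The feature names, the weighting formula (margin over the other accounts' mean frequency), the "similar frequency" spread of 0.2 and the 0.5 match threshold are all assumptions, and the message history is constructed.

```python
# Constructed sample history (account -> previously sent messages).
HISTORY = {
    "alice": ["Hi Bob, report attached. Regards, Alice",
              "Hi team, minutes attached. Regards, Alice",
              "Hi Carol, see you at 3. Regards, Alice"],
    "bob": ["yo can u send the file", "lol ok thx", "running late, sry"],
    "carol": ["Please review the draft.", "Meeting moved to 4.",
              "Thanks for the update."],
}

# Hypothetical stylistic/compositional features, each a yes/no test.
FEATURES = {
    "greeting": lambda m: m.lower().startswith(("hi ", "hello ", "dear ")),
    "signoff": lambda m: "regards" in m.lower(),
    "lowercase_only": lambda m: m == m.lower(),
    "has_url": lambda m: "http://" in m or "https://" in m,
}

def extract(msg):
    return {name for name, test in FEATURES.items() if test(msg)}

def build_profiles(history, similar=0.2):
    """Behavior database: account -> {typifying behavior: weight}."""
    freq = {a: {n: sum(n in extract(m) for m in msgs) / len(msgs)
                for n in FEATURES} for a, msgs in history.items()}
    profiles = {a: {} for a in history}
    for name in FEATURES:
        vals = [freq[a][name] for a in history]
        if max(vals) - min(vals) <= similar:
            continue  # shown about equally often by everyone: typifies no one
        for a in history:
            others = [freq[o][name] for o in history if o != a]
            baseline = sum(others) / len(others)
            if freq[a][name] > baseline:
                # Assumed weighting: margin over the other accounts' mean.
                profiles[a][name] = freq[a][name] - baseline
    return profiles

def potentially_compromised(profiles, account, msg, threshold=0.5):
    """True when the outgoing message matches too little of the profile."""
    profile = profiles[account]
    if not profile:
        return False  # nothing typifies this account, so no basis to flag
    seen = extract(msg)
    matched = sum(w for n, w in profile.items() if n in seen)
    return matched / sum(profile.values()) < threshold

PROFILES = build_profiles(HISTORY)
```

A `True` result corresponds to the point where the claim calls for verifying that the sender is the account owner before the message is sent.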
