Systems and methods for detecting compromised messaging accounts
First Claim
1. A computer-implemented method for detecting compromised messaging accounts, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- maintaining a behavior database that associates messaging accounts of a plurality of users with messaging behaviors that typify each messaging account by;
extracting, from each of the messaging accounts, messaging features that describe stylistic and compositional traits of messages sent by the messaging accounts;
for each messaging account, identifying, based on the extracted messaging features, messaging behaviors that typify the messaging account by;
determining a frequency with which the messaging account displays at least one messaging behavior;
determining that the frequency with which the messaging account displays the messaging behavior exceeds a frequency with which at least one other messaging account displays the messaging behavior; and
weighting the messaging behavior based on a comparison between the frequency with which the messaging account displays the messaging behavior and the frequency with which the other messaging account displays the messaging behavior;
identifying, based on the extracted messaging features, messaging behaviors that do not typify any of the messaging accounts of the plurality of users by identifying messaging behaviors that are displayed with a similar frequency by at least most of the messaging accounts of the plurality of users; and
associating, in the behavior database, each of the messaging accounts of the plurality of users with the weighted messaging behaviors that typify each messaging account and not the messaging behaviors that do not typify any of the messaging accounts of the plurality of users;
detecting an attempt by a user to send a message from one of the messaging accounts of the plurality of users;
determining, by comparing features of the message with the weighted messaging behaviors associated with the messaging account in the behavior database, that the messaging account has potentially been compromised; and
in response to the determination that the messaging account has potentially been compromised, verifying that the user is an owner of the messaging account.
6 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for detecting compromised messaging accounts may include maintaining a behavior database that associates a plurality of messaging accounts with messaging behaviors that typify each of the messaging accounts. The method may also include detecting an attempt by a user to send a message from a messaging account. In addition, the method may include determining that the messaging account has potentially been compromised by comparing features of the message with messaging behaviors associated with the messaging account in the behavior database. Finally, the method may include verifying that the user is an owner of the messaging account in response to the determination that the messaging account has potentially been compromised. Various other methods, systems, and computer-readable media are also disclosed.
-
Citations
20 Claims
-
1. A computer-implemented method for detecting compromised messaging accounts, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
maintaining a behavior database that associates messaging accounts of a plurality of users with messaging behaviors that typify each messaging account by; extracting, from each of the messaging accounts, messaging features that describe stylistic and compositional traits of messages sent by the messaging accounts; for each messaging account, identifying, based on the extracted messaging features, messaging behaviors that typify the messaging account by; determining a frequency with which the messaging account displays at least one messaging behavior; determining that the frequency with which the messaging account displays the messaging behavior exceeds a frequency with which at least one other messaging account displays the messaging behavior; and weighting the messaging behavior based on a comparison between the frequency with which the messaging account displays the messaging behavior and the frequency with which the other messaging account displays the messaging behavior; identifying, based on the extracted messaging features, messaging behaviors that do not typify any of the messaging accounts of the plurality of users by identifying messaging behaviors that are displayed with a similar frequency by at least most of the messaging accounts of the plurality of users; and associating, in the behavior database, each of the messaging accounts of the plurality of users with the weighted messaging behaviors that typify each messaging account and not the messaging behaviors that do not typify any of the messaging accounts of the plurality of users; detecting an attempt by a user to send a message from one of the messaging accounts of the plurality of users; determining, by comparing features of the message with the weighted messaging behaviors associated with the messaging account in the behavior database, that the messaging account has potentially been compromised; and in response to the determination that the messaging account has potentially been compromised, verifying that the user is an owner of the messaging account. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for detecting compromised messaging accounts, the system comprising:
-
a maintenance module, stored in memory, that maintains a behavior database that associates messaging accounts of a plurality of users with messaging behaviors that typify each messaging account by; extracting, from each of the messaging accounts, messaging features that describe stylistic and compositional traits of messages sent by the messaging accounts; for each messaging account, identifying, based on the extracted messaging features, messaging behaviors that typify the messaging account by; determining a frequency with which the messaging account displays at least one messaging behavior; determining that the frequency with which the messaging account displays the messaging behavior exceeds a frequency with which at least one other messaging account displays the messaging behavior; and weighting the messaging behavior based on a comparison between the frequency with which the messaging account displays the messaging behavior and the frequency with which the other messaging account displays the messaging behavior; identifying, based on the extracted messaging features, messaging behaviors that do not typify any of the messaging accounts of the plurality of users by identifying messaging behaviors that are displayed with a similar frequency by at least most of the messaging accounts of the plurality of users; and associating, in the behavior database, each of the messaging accounts of the plurality of users with the weighted messaging behaviors that typify each messaging account and not the messaging behaviors that do not typify any of the messaging accounts of the plurality of users; a detection module, stored in memory, that detects an attempt by a user to send a message from one of the messaging accounts of the plurality of users; a determination module, stored in memory, that determines, by comparing features of the message with the weighted messaging behaviors associated with the messaging account in the behavior database, that the messaging account has potentially been compromised; a verification module, stored in memory, that verifies that the user is an owner of the messaging account in response to the determination that the messaging account has potentially been compromised; and at least one processor configured to execute the maintenance module, the detection module, the determination module, and the verification module. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor a computing device, cause the computing device to:
-
maintain a behavior database that associates messaging accounts of a plurality of users with messaging behaviors that typify each messaging account by; extracting, from each of the messaging accounts, messaging features that describe stylistic and compositional traits of messages sent by the messaging accounts; for each messaging account, identifying, based on the extracted messaging features, messaging behaviors that typify the messaging account by; determining a frequency with which the messaging account displays at least one messaging behavior; determining that the frequency with which the messaging account displays the messaging behavior exceeds a frequency with which at least one other messaging account displays the messaging behavior; and weighting the messaging behavior based on a comparison between the frequency with which the messaging account displays the messaging behavior and the frequency with which the other messaging account displays the messaging behavior; identifying, based on the extracted messaging features, messaging behaviors that do not typify any of the messaging accounts of the plurality of users by identifying messaging behaviors that are displayed with a similar frequency by at least most of the messaging accounts of the plurality of users; and associating, in the behavior database, each of the messaging accounts of the plurality of users with the weighted messaging behaviors that typify each messaging account and not the messaging behaviors that do not typify any of the messaging accounts of the plurality of users; detect an attempt by a user to send a message from one of the messaging accounts of the plurality of users; determine, by comparing features of the message with the weighted messaging behaviors associated with the messaging account in the behavior database, that the messaging account has potentially been compromised; and in response to the determination that the messaging account has potentially been compromised, verify that the user is an owner of the messaging account.
-
Specification