Malicious activity detection system capable of efficiently processing data accessed from databases and generating alerts for display in interactive user interfaces
First Claim
1. A computing system comprising:
- a database storing a first data set and a second data set associated with one or more accounts, wherein the first data set comprises a first data section, a second data section, and first data corresponding to the first data section or the second data section, and wherein the second data set comprises the first data section, a third data section, and second data corresponding to the first data section or the third data section;
- a computer processor; and
- a computer readable storage medium storing program instructions configured for execution by the computer processor in order to cause the computing system to:
  - select a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with the one or more accounts;
  - retrieve the first data set and the second data set from the database;
  - identify that the first data section is included in the first data set and the second data set;
  - run a deduplication operation on each entry in the first data set and the second data set to remove duplicate entries, wherein a first entry in the first data set is a duplicate of a second entry in the second data set if third data associated with the first data section in the first entry is equal to fourth data associated with the first data section in the second entry;
  - execute a join operation to generate a third data set using the first data section as a join key, wherein the third data set comprises the first data section, the second data section, the third data section, the first data, and the second data;
  - run the first rule on the third data set to determine whether the behavior is risky;
  - generate an alert in response to a determination that the behavior is risky; and
  - transmit the alert for display in an interactive user interface.
Abstract
Various systems and methods are provided that retrieve raw data from issuers, reorganize the raw data, analyze the reorganized data to determine whether risky or malicious activity is occurring, and generate alerts to notify users of possible malicious activity. For example, the raw data is included in a plurality of tables. The system joins one or more tables to reorganize the data, using several filtering techniques to reduce the processor load required to perform the join operation. Once the data is reorganized, the system executes one or more rules to analyze the reorganized data. Each rule is associated with a malicious activity. If any of the rules indicate that malicious activity is occurring, the system generates an alert for display to a user in an interactive user interface.
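The pipeline the abstract describes (find the shared column, deduplicate, join, run a rule, emit alerts) can be sketched as follows. This is an added example, not code from the patent; the table contents, column names, threshold and rule are assumptions constructed for illustration, and deduplication is simplified to keeping one entry per join-key value within each table.

```python
def find_join_key(left, right):
    """Identify the single column ("data section") present in both tables."""
    shared = set(left[0]) & set(right[0])
    if len(shared) != 1:
        raise ValueError(f"expected exactly one shared column, got {sorted(shared)}")
    return shared.pop()

def dedupe(rows, key):
    """Keep the first entry seen for each value of the join key."""
    seen, out = set(), []
    for row in rows:
        if row[key] not in seen:
            seen.add(row[key])
            out.append(row)
    return out

def join_on(left, right, key):
    """Hash join: keys absent from the other table are filtered out, not merged."""
    index = {row[key]: row for row in right}
    return [{**row, **index[row[key]]} for row in left if row[key] in index]

def out_of_state_large_load(row):
    """Hypothetical rule: a large load made outside the account's home state."""
    return row["load_amount"] > 5000 and row["load_state"] != row["home_state"]

def detect(accounts, loads, rule):
    """Run one rule over the joined table and return one alert per risky row."""
    key = find_join_key(accounts, loads)
    joined = join_on(dedupe(accounts, key), dedupe(loads, key), key)
    return [{key: row[key], "rule": rule.__name__} for row in joined if rule(row)]

# Constructed sample tables (not real data).
ACCOUNTS = [
    {"account_id": "A1", "home_state": "CA"},
    {"account_id": "A2", "home_state": "NY"},
    {"account_id": "A2", "home_state": "NY"},   # duplicate entry
    {"account_id": "A3", "home_state": "TX"},   # no matching load record
]
LOADS = [
    {"account_id": "A1", "load_amount": 9000, "load_state": "FL"},
    {"account_id": "A2", "load_amount": 200, "load_state": "NY"},
    {"account_id": "A1", "load_amount": 9000, "load_state": "FL"},  # duplicate entry
    {"account_id": "A4", "load_amount": 7000, "load_state": "WA"},  # no matching account
]

if __name__ == "__main__":
    for alert in detect(ACCOUNTS, LOADS, out_of_state_large_load):
        print(alert)
```

Deduplicating and dropping unmatched keys before the merge is what keeps the join small: the rule only ever sees two rows here, although the inputs hold eight.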
20 Claims
1. A computing system comprising:
- a database storing a first data set and a second data set associated with one or more accounts, wherein the first data set comprises a first data section, a second data section, and first data corresponding to the first data section or the second data section, and wherein the second data set comprises the first data section, a third data section, and second data corresponding to the first data section or the third data section;
- a computer processor; and
- a computer readable storage medium storing program instructions configured for execution by the computer processor in order to cause the computing system to:
  - select a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with the one or more accounts;
  - retrieve the first data set and the second data set from the database;
  - identify that the first data section is included in the first data set and the second data set;
  - run a deduplication operation on each entry in the first data set and the second data set to remove duplicate entries, wherein a first entry in the first data set is a duplicate of a second entry in the second data set if third data associated with the first data section in the first entry is equal to fourth data associated with the first data section in the second entry;
  - execute a join operation to generate a third data set using the first data section as a join key, wherein the third data set comprises the first data section, the second data section, the third data section, the first data, and the second data;
  - run the first rule on the third data set to determine whether the behavior is risky;
  - generate an alert in response to a determination that the behavior is risky; and
  - transmit the alert for display in an interactive user interface.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A computer-implemented method comprising:
as implemented by one or more computer systems comprising computer hardware and memory, the one or more computer systems configured with specific executable instructions,
- selecting a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with one or more accounts;
- retrieving a first data set and a second data set, wherein the first data set comprises a first data section, a second data section, and first data corresponding to the first data section or the second data section, and wherein the second data set comprises the first data section, a third data section, and second data corresponding to the first data section or the third data section;
- identifying that the first data section is included in the first data set and the second data set;
- running a deduplication operation on each entry in the first data set and the second data set to remove duplicate entries, wherein a first entry in the first data set is a duplicate of a second entry in the second data set if third data associated with the first data section in the first entry is equal to fourth data associated with the first data section in the second entry;
- executing a join operation to generate a third data set using the first data section as a join key, wherein the third data set comprises the first data section, the second data section, the third data section, the first data, and the second data;
- running the first rule on the third data set to determine whether the behavior is risky;
- generating an alert in response to a determination that the behavior is risky; and
- transmitting the alert for display in an interactive user interface.

Dependent claims: 17, 18, 19
20. A non-transitory computer-readable medium comprising one or more program instructions recorded thereon, the instructions configured for execution by a computing system comprising one or more processors in order to cause the computing system to:
- select a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with one or more accounts;
- retrieve a first data set and a second data set, wherein the first data set comprises a first data section, a second data section, and first data corresponding to the first data section or the second data section, and wherein the second data set comprises the first data section, a third data section, and second data corresponding to the first data section or the third data section;
- identify that the first data section is included in the first data set and the second data set;
- run a deduplication operation on each entry in the first data set and the second data set to remove duplicate entries, wherein a first entry in the first data set is a duplicate of a second entry in the second data set if third data associated with the first data section in the first entry is equal to fourth data associated with the first data section in the second entry;
- execute a join operation to generate a third data set using the first data section as a join key, wherein the third data set comprises the first data section, the second data section, the third data section, the first data, and the second data;
- run the first rule on the third data set to determine whether the behavior is risky;
- generate an alert in response to a determination that the behavior is risky; and
- transmit the alert for display in an interactive user interface.
Specification