
System and method for detecting fraud and misuse of protected data by an authorized user using event logs

  • US 9,916,468 B2
  • Filed: 11/30/2015
  • Issued: 03/13/2018
  • Est. Priority Date: 05/31/2005
  • Status: Active Grant
First Claim

1. A method of detecting improper access of protected data by an authorized user, the method comprising:

  • extracting event data from an event log file including information associated with an attempt to access protected data, the extracting being performed by a computer system configured to recognize and parse the event data within the event log file for each of a plurality of different file formats to enable a monitoring system implemented by a processor to oversee user activity across a plurality of applications for determining the attempt to access the protected data is fraudulent or indicative of probable misuse;

    normalizing the event data based on a predefined format;

    processing the normalized event data to determine an identifier associated with the attempt to access the protected data, the identifier being indicative of one or more of an authorized user of a system associated with the protected data, a device used to attempt to access the protected data, an authorized user of the device used to attempt to access the protected data, a location of the device used to attempt to access the protected data, or a time of the attempt to access the protected data;

    processing the normalized event data and the identifier to determine whether the attempt to access the protected data is fraudulent or indicative of probable misuse based on at least one rule applied by the monitoring system;

    generating a notification based on a determination that the attempt to access the protected data is fraudulent or indicative of probable misuse; and

    causing one or more of an alert based on the notification to be output to a display communicatively coupled with the monitoring system or to an electronic device communicatively coupled with the monitoring system,

    wherein

    the monitoring system continuously processes the normalized event data and the identifier according to a predefined schedule, and

    the event log file corresponds with an application of the plurality of applications accessible by the authorized user, each application of the plurality of applications has a corresponding event log file, and the event log file of each application of the plurality of applications has a file format of the plurality of different file formats.
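
The extract, normalize, identify and rule steps of claim 1, sketched as an added example (not code from the patent or its assignee). The two log formats, the field names, the sample lines and the off-hours rule with its threshold are all assumptions constructed for illustration; scheduling and alert delivery are left out.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample logs from two hypothetical applications, each in its own format.
EHR_CSV = """2015-11-30T02:14:07,jdoe,WS-114,VIEW,patient:1001
2015-11-30T09:30:00,asmith,WS-201,VIEW,patient:1002
2015-11-30T02:15:10,jdoe,WS-114,VIEW,patient:1003
truncated line without fields"""
BILLING_KV = """ts=1448849700 user=jdoe host=WS-114 action=read record=acct:77
ts=1448876000 user=asmith host=WS-201 action=read record=acct:12"""

KV = re.compile(r"(\w+)=(\S+)")
ACTIONS = {"view": "read"}  # map per-application verbs onto one vocabulary

def _event(app, time, user, device, action, resource):
    """The predefined (normalized) record shared by every source format."""
    action = ACTIONS.get(action.lower(), action.lower())
    return {"app": app, "time": time, "user": user, "device": device,
            "action": action, "resource": resource}

def parse_csv(line):
    ts, user, device, action, resource = line.split(",")  # ValueError if malformed
    when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
    return _event("ehr", when, user, device, action, resource)

def parse_kv(line):
    f = dict(KV.findall(line))  # KeyError below if a field is missing
    when = datetime.fromtimestamp(int(f["ts"]), tz=timezone.utc)
    return _event("billing", when, f["user"], f["host"], f["action"], f["record"])

def normalize(sources):
    events = []
    for parser, text in sources:
        for line in text.splitlines():
            try:
                events.append(parser(line))
            except (ValueError, KeyError):
                continue  # unparseable line skipped; production code should count these
    return sorted(events, key=lambda e: e["time"])

def off_hours_rule(events, start=0, end=5, threshold=3):
    """Flag a (user, device) pair with >= threshold reads in [start, end) UTC, across apps."""
    hits = defaultdict(list)
    for e in events:
        if e["action"] == "read" and start <= e["time"].hour < end:
            hits[(e["user"], e["device"])].append(e)
    return [{"user": u, "device": d, "count": len(ev),
             "apps": sorted({e["app"] for e in ev})}
            for (u, d), ev in hits.items() if len(ev) >= threshold]

def run():
    return off_hours_rule(normalize([(parse_csv, EHR_CSV), (parse_kv, BILLING_KV)]))
```

Neither application's log alone reaches the threshold for `jdoe`; the notification only appears once both formats are normalized into one stream.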

  • 5 Assignments