External malware data item clustering and analysis
First Claim
1. A computer system configured to provide a dynamic user interface relating to visualization of alerts of malicious network activity, the computer system comprising:
    an electronic data structure configured to store a plurality of clusters of data items, wherein each cluster of data items represents a group of related malicious network activities; and
    one or more hardware computer processors configured to execute code in order to cause the computer system to:
        access the electronic data structure including the plurality of clusters of data items;
        analyze the plurality of clusters of data items to determine, for each cluster of the plurality of clusters:
            a type of malicious network activity represented by the cluster, and
            a criticality of the malicious network activity represented by the cluster;
        further analyze the plurality of clusters of data items to determine respective numbers of clusters of the plurality of clusters having each of a plurality of types of malicious network activity;
        provide a dynamic user interface configured to display at least:
            a first visualization indicating, for each type of malicious network activity of the plurality of types of malicious network activity, respective portions of the plurality of clusters having the type of malicious network activity; and
            a second visualization indicating, for each cluster of the plurality of clusters, an alert corresponding to the cluster, wherein the alert visually indicates that criticality of the malicious network activity represented by the cluster; and
        automatically order the alerts indicated in the second visualization based on the respective determined criticalities of malicious network activity represented by the clusters corresponding to the alerts.
Abstract
Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, and provide results of the automated analysis in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a compact, human-readable analysis of the data clusters. The human-readable analyses (also referred to herein as “summaries” or “conclusions”) of the data clusters may be organized into an interactive user interface so as to enable an analyst to quickly navigate among information associated with various data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation. Embodiments of the present disclosure also relate to automated scoring of the clustered data structures.
20 Claims
1. (Independent claim; reproduced in full above under First Claim. Dependent claims: 2 to 13.)
14. A computer-implemented method comprising:
    by one or more hardware computer processors executing code:
        communicating with an electronic data structure configured to store a plurality of clusters of data items, wherein each cluster of data items represents a group of related malicious network activities;
        accessing the electronic data structure including the plurality of clusters of data items;
        analyzing the plurality of clusters of data items to determine, for each cluster of the plurality of clusters:
            a type of malicious network activity represented by the cluster, and
            a criticality of the malicious network activity represented by the cluster;
        further analyzing the plurality of clusters of data items to determine respective numbers of clusters of the plurality of clusters having each of a plurality of types of malicious network activity;
        providing a dynamic user interface configured to display at least:
            a first visualization indicating, for each type of malicious network activity of the plurality of types of malicious network activity, respective portions of the plurality of clusters having the type of malicious network activity; and
            a second visualization indicating, for each cluster of the plurality of clusters, an alert corresponding to the cluster, wherein the alert visually indicates that criticality of the malicious network activity represented by the cluster; and
        automatically ordering the alerts indicated in the second visualization based on the respective determined criticalities of malicious network activity represented by the clusters corresponding to the alerts.
    (Dependent claims: 15 to 20.)
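The triage pipeline that claims 1 and 14 describe, as an added Python example that is not the patent's own code: each cluster gets a type and a criticality, the per-type share of clusters feeds the first visualization, and the alert list for the second visualization is ordered by criticality. The DataItem schema, the 1-to-5 severity scale, the majority-type rule and the multi-host criticality bump are assumptions of this example, not rules stated in the claims.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class DataItem:
    """One malicious-activity record (constructed schema, not the patent's)."""
    activity_type: str  # e.g. "beaconing", "phishing", "exfiltration"
    severity: int       # assumed scale: 1 (low) .. 5 (critical)
    host: str


def classify_cluster(cluster: List[DataItem]) -> Tuple[str, int]:
    """Type = most frequent activity_type; criticality = highest severity,
    bumped by one (capped at 5) when the cluster spans several hosts."""
    if not cluster:
        raise ValueError("empty cluster")
    cluster_type = Counter(i.activity_type for i in cluster).most_common(1)[0][0]
    criticality = max(i.severity for i in cluster)
    if len({i.host for i in cluster}) > 1:  # assumed rule: spread raises urgency
        criticality = min(5, criticality + 1)
    return cluster_type, criticality


def type_portions(clusters: List[List[DataItem]]) -> Dict[str, float]:
    """First visualization: fraction of all clusters having each type."""
    counts = Counter(classify_cluster(c)[0] for c in clusters)
    return {t: n / len(clusters) for t, n in counts.items()}


def ordered_alerts(clusters: List[List[DataItem]]) -> List[Tuple[int, str, int]]:
    """Second visualization: (cluster index, type, criticality), most critical
    first; ties favour the larger cluster, then the lower index."""
    rows = [(i, *classify_cluster(c), len(c)) for i, c in enumerate(clusters)]
    rows.sort(key=lambda r: (-r[2], -r[3], r[0]))
    return [(i, t, crit) for i, t, crit, _ in rows]


# Constructed sample clusters, not data from the patent.
SAMPLE_CLUSTERS = [
    [DataItem("beaconing", 3, "ws-01"), DataItem("beaconing", 4, "ws-01")],
    [DataItem("phishing", 2, "ws-07")],
    [DataItem("beaconing", 2, "ws-03"), DataItem("exfiltration", 5, "srv-02"),
     DataItem("beaconing", 3, "srv-02")],
    [DataItem("exfiltration", 4, "srv-09")],
]

if __name__ == "__main__":
    print(type_portions(SAMPLE_CLUSTERS))
    for row in ordered_alerts(SAMPLE_CLUSTERS):
        print(row)
```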