Detecting a compromised online user account

US 9,117,074 B2
Filed: 05/18/2011
Issued: 08/25/2015
Est. Priority Date: 05/18/2011
Status: Active Grant

First Claim

Patent Images

1. A method for mitigating a compromised online user account, comprising:

establishing a baseline for an online user account comprising identifying information about at least one of communications from the online user account or communications to the online user account, comprising identifying one or more of;

a duration of one or more communications;

a mode of one or more communications;

ora type of a contact associated with one or more communications;

detecting a deviation from the baseline indicative of a potential compromise to the online user account, detecting a deviation comprising comparing an activity segment value from a desired period of activity for the online user account with a threshold value, the deviation based upon at least one of;

a duration deviation of one or more durations of one or more first communications from a combination of one or more durations of one or more second communications associated with the baseline, at least one of the one or more durations of the one or more first communications or the one or more durations of the one or more second communications corresponding to a duration of at least one of email messaging, instant messaging (IM), text messaging, voice messaging, video messaging or chatting, posting to a message board, posting a comment to online content, posting an update to a status stream, uploading content, micro-blogging or blogging;

a mode deviation of one or more modes of one or more third communications from a combination of one or more modes of one or more fourth communications associated with the baseline, at least one of the one or more modes of the one or more third communications or the one or more modes of the one or more fourth communications corresponding to at least one of email messaging, IM, text messaging, voice messaging, video messaging or chatting, posting to a message board, posting a comment to online content, posting an update to a status stream, uploading content, micro-blogging or blogging;

ora type deviation of one or more types of one or more contacts of one or more fifth communications from a combination of one or more types of one or more contacts of one or more sixth communications associated with the baseline, the one or more types of the one or more contacts of the one or more fifth communications corresponding to at least one of an age of the one or more contacts of the one or more fifth communications, how long the one or more contacts of the one or more fifth communications have been linked to the online user account, whether the one or more contacts of the one or more fifth communications are linked to the online user account or whether the one or more contacts of the one or more fifth communications are comprised in an address book of the online user account; and

notifying a user of the online user account of the potential compromise.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more techniques and/or systems are disclosed for detecting and/or mitigating a potentially compromised online user account. One or more baselines can be established for a user'"'"'s online account to determine a normal usage pattern for the account by the user (e.g., frequency of incoming/outgoing emails, text messages, etc.). The online user account can be periodically or continually monitored for use of the same resources used to determine the baseline(s). If a deviation from the baseline is detected, the deviation may be compared against a threshold to determine whether the deviation indicates that the account may be compromised. When an indication of a potentially compromised account is detected, the user can be notified of the indication, so that one or more actions can be taken to mitigate the potentially compromised account.

157 Citations

20 Claims

1. A method for mitigating a compromised online user account, comprising:
- establishing a baseline for an online user account comprising identifying information about at least one of communications from the online user account or communications to the online user account, comprising identifying one or more of;
  
  a duration of one or more communications;
  
  a mode of one or more communications;
  
  ora type of a contact associated with one or more communications;
  
  detecting a deviation from the baseline indicative of a potential compromise to the online user account, detecting a deviation comprising comparing an activity segment value from a desired period of activity for the online user account with a threshold value, the deviation based upon at least one of;
  
  a duration deviation of one or more durations of one or more first communications from a combination of one or more durations of one or more second communications associated with the baseline, at least one of the one or more durations of the one or more first communications or the one or more durations of the one or more second communications corresponding to a duration of at least one of email messaging, instant messaging (IM), text messaging, voice messaging, video messaging or chatting, posting to a message board, posting a comment to online content, posting an update to a status stream, uploading content, micro-blogging or blogging;
  
  a mode deviation of one or more modes of one or more third communications from a combination of one or more modes of one or more fourth communications associated with the baseline, at least one of the one or more modes of the one or more third communications or the one or more modes of the one or more fourth communications corresponding to at least one of email messaging, IM, text messaging, voice messaging, video messaging or chatting, posting to a message board, posting a comment to online content, posting an update to a status stream, uploading content, micro-blogging or blogging;
  
  ora type deviation of one or more types of one or more contacts of one or more fifth communications from a combination of one or more types of one or more contacts of one or more sixth communications associated with the baseline, the one or more types of the one or more contacts of the one or more fifth communications corresponding to at least one of an age of the one or more contacts of the one or more fifth communications, how long the one or more contacts of the one or more fifth communications have been linked to the online user account, whether the one or more contacts of the one or more fifth communications are linked to the online user account or whether the one or more contacts of the one or more fifth communications are comprised in an address book of the online user account; and
  
  notifying a user of the online user account of the potential compromise.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, comprising notifying contacts of the online user account of the potential compromise.
  - 3. The method of claim 2, notifying contacts comprising sending a notification to respective contacts utilizing a mode of communication that is identified as having a desired communication trust level.
  - 4. The method of claim 1, comprising notifying the user to take corrective action.
  - 5. The method of claim 1, comprising notifying contacts of the online user account to take corrective action.
  - 6. The method of claim 1, detecting a deviation comprising monitoring the online user account for activity related to one or more activity segments associated with the baseline.
  - 7. The method of claim 1, establishing a baseline comprising establishing a baseline value for one or more activity segments of the online user account.
  - 8. The method of claim 1, establishing a baseline comprising determining a historical use of the online user account by the user for a desired period of time.
  - 9. The method of claim 1, establishing a baseline comprising identifying activity in one or more activity segments for the online user account, the one or more activity segments comprising communication-related activity between the user and one or more contacts.
  - 10. The method of claim 1, identifying information comprising identifying a frequency of one or more communications.
  - 11. The method of claim 1, detecting a deviation comprising comparing activity from one or more activity segments of the online user account with a desired deviation threshold from the baseline.
  - 12. The method of claim 1, comprising notifying the user to update security information.
  - 13. The method of claim 1, detecting a deviation comprising inputting one or more activity segment values from the desired period of activity for the online user account into a classifier trained using the baseline to output a probability of a compromised online user account.
  - 14. The method of claim 1, notifying a user comprising sending a notification to the user utilizing a mode of communication that is identified as having a desired probability of being non-compromised.

15. A system, implemented at least in part via a processing unit, for mitigating a compromised online user account, comprising:
- a baseline establishing component configured to establish a baseline for an online user account by identifying information about at least one of communications from the online user account or communications to the online user account, comprising identifying a duration of one or more communications;
  
  a deviation detection component configured to detect a deviation from the baseline indicative of a potential compromise to the online user account, detecting a deviation comprising comparing an activity segment value from a desired period of activity for the online user account with a threshold value, the deviation based upon a mode deviation of one or more modes of one or more first communications from a combination of one or more modes of one or more second communications associated with the baseline, at least one of the one or more modes of the one or more first communications or the one or more modes of the one or more second communications corresponding to at least one of email messaging, instant messaging (IM), text messaging, voice messaging, video messaging or chatting, posting to a message board, posting a comment to online content, posting an update to a status stream, uploading content, micro-blogging or blogging; and
  
  a user notification component configured to notify a user of the online user account of the potential compromise.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, the online user account comprising a micro-blogging account.
  - 17. The system of claim 15, the user notification component configured to notify the user to update security information.
  - 18. The system of claim 15, the baseline comprising a statistical value representing a frequency of communications between the user and one or more contacts.
  - 19. The system of claim 15, the online user account comprising a social network account.

20. A computer readable medium, excluding signals, comprising instructions that when executed perform a method for mitigating a compromised online user account, comprising:
- establishing a baseline for an online user account comprising identifying information about at least one of communications from the online user account or communications to the online user account, comprising identifying a type of a contact associated with one or more communications;
  
  detecting a deviation from the baseline indicative of a potential compromise to the online user account, detecting a deviation comprising comparing an activity segment value from a desired period of activity for the online user account with a threshold value, the deviation based upon a type deviation of one or more types of one or more contacts of one or more first communications from a combination of one or more types of one or more contacts of one or more second communications associated with the baseline, the one or more types of the one or more contacts of the one or more first communications corresponding to at least one of an age of the one or more contacts of the one or more first communications, how long the one or more contacts of the one or more first communications have been linked to the online user account, whether the one or more contacts of the one or more first communications are linked to the online user account or whether the one or more contacts of the one or more first communications are comprised in an address book of the online user account; and
  
  notifying a user of the online user account of the potential compromise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Srivastava, Kumar S.
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US13/110,202
Publication Number

US 20120297484A1
Time in Patent Office

1,560 Days
Field of Search

726 22- 26, 705/30, 705 38- 41, 709/224
US Class Current

1/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

Detecting a compromised online user account

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

157 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detecting a compromised online user account

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links