Detecting Fraudulent Activity
Abstract
Described are computer-based methods and apparatuses, including computer program products, for detecting fraudulent activity. A computing device in a second network receives a plurality of interactions between data centers in a first network and one or more devices, remote from the data centers, of a user, the interactions forming an aggregate user session representing the user's activity over a period of time with the data centers via the devices. The computing device monitors data transaction requests of the interactions and is configured to respond to each request with a response that appears as if the request was executed. If the interactions are harmful, the computing device interdicts the interactions from execution by the data centers and allows the devices to submit additional interactions. If unable to determine whether the subsequent interactions are harmful, the computing device transmits the interactions to the data centers for execution and marks the interactions.
Claims
exact text as granted — not AI-modified1 . A method for detecting fraudulent activity, the method comprising:
receiving, by a computing device in a second network, a plurality of interactions between a plurality of data centers in a first network and one or more devices, remote from the data centers, of a user, the plurality of interactions forming an aggregate user session representing the user's activity over a period of time with the plurality of data centers via the one or more devices; monitoring, by the computing device, data transaction requests of the plurality of interactions, the computing device configured to respond to each data transaction request with a response that appears to the user as if the request was executed by the respective data center; if the computing device determines that the interactions are harmful:
interdicting, by the computing device, the interactions from execution by the plurality of data centers; and
allowing, by the computing device, the one or more devices to submit additional interactions;
if the computing device is unable to determine whether the subsequent interactions are harmful:
transmitting, by the computing device, the interactions to the plurality of data centers for execution; and
marking, by the computing device, the interactions for monitoring purposes.
2 . The method of claim 1 , if the computing device determines that the interactions are harmful, the method further comprising:
if the computing device is able to simulate the interactions, transmitting a response for each interaction to the one or more devices, the transmitted responses appearing to the user as if the plurality of data centers executed the interactions; if the computing device is unable to simulate the interactions, transmitting a response for each interaction to the one or more devices, the transmitted responses appearing to the user as if the plurality of data centers failed to execute the interactions due to a system error; and monitoring, by the computing device, data transaction requests of additional interactions submitted from the one or more devices.
3 . The method of claim 1 , the method further comprising:
generating, by the computing device, a signature based on the monitoring step; and correlating, by the computing device, the signature with previous user sessions to determine whether the plurality of interactions and the previous user sessions share one or more characteristics.
4 . The method of claim 3 , wherein the characteristics include at least one of: a common user, a common remote device, a common location, or a common activity pattern.
5 . The method of claim 3 , wherein the signature is generated using one or more data analysis tools that have access to the plurality of interactions.
6 . The method of claim 1 , wherein the method is performed in real time.
7 . The method of claim 1 , wherein the response that appears to the user as if the request was executed by the respective data center includes dummy data to prevent the user from accessing data stored in the data center.
8 . The method of claim 1 , if the computing device determines that the interactions are harmful, the method further comprising:
providing, by the computing device, responses to the additional interactions that encourage the user to stay connected to the computing device until an enforcement action is executed.
9 . The method of claim 8 , wherein the responses to the additional interactions extend a session between the computing device and the one or more remote devices.
10 . The method of claim 1 , if the computing device determines that the interactions are harmful, the method further comprising:
determining, by the computing device, one or more vulnerabilities associated with the plurality of data centers based on the interactions submitted by the one or more remote devices.
11 . A system for detecting fraudulent activity, the method comprising:
a computing device in a second network configured to:
receive a plurality of interactions between a plurality of data centers in a first network and one or more devices, remote from the data centers, of a user, the plurality of interactions forming an aggregate user session representing the user's activity over a period of time with the plurality of data centers via the one or more devices;
monitor data transaction requests of the plurality of interactions, the computing device configured to respond to each data transaction request with a response that appears to the user as if the request was executed by the respective data center;
if the computing device determines that the interactions are harmful:
interdict the interactions from execution by the plurality of data centers; and
allow the one or more devices to submit additional interactions;
if the computing device is unable to determine whether the subsequent interactions are harmful:
transmit the interactions to the plurality of data centers for execution; and
mark the interactions for monitoring purposes.
12 . The system of claim 11 , if the computing device determines that the interactions are harmful, the computing device further configured to:
transmit a response for each interaction to the one or more devices if the computing device is able to simulate the interactions, the transmitted responses appearing to the user as if the plurality of data centers executed the interactions; transmit a response for each interaction to the one or more devices if the computing device is unable to simulate the interactions, the transmitted responses appearing to the user as if the plurality of data centers failed to execute the interactions due to a system error; and monitor data transaction requests of additional interactions submitted from the one or more devices.
13 . A computer program product, tangibly embodied in a non-transitory computer readable storage medium, for detecting fraudulent activity, the computer program product including instructions operable to cause a computing device in a second network to:
receive a plurality of interactions between a plurality of data centers in a first network and one or more devices, remote from the data centers, of a user, the plurality of interactions forming an aggregate user session representing the user's activity over a period of time with the plurality of data centers via the one or more devices; monitor data transaction requests of the plurality of interactions, the computing device configured to respond to each data transaction request with a response that appears to the user as if the request was executed by the respective data center; if the computing device determines that the interactions are harmful:
interdict the interactions from execution by the plurality of data centers; and
allow the one or more devices to submit additional interactions;
if the computing device is unable to determine whether the subsequent interactions are harmful:
transmit the interactions to the plurality of data centers for execution; and
mark the interactions for monitoring purposes.
14 . The computer program product of claim 13 , if the computing device determines that the interactions are harmful, the computer program product including further instructions operable to cause the computing device to:
transmit a response for each interaction to the one or more devices if the computing device is able to simulate the interactions, the transmitted responses appearing to the user as if the plurality of data centers executed the interactions; transmit a response for each interaction to the one or more devices if the computing device is unable to simulate the interactions, the transmitted responses appearing to the user as if the plurality of data centers failed to execute the interactions due to a system error; and monitor data transaction requests of additional interactions submitted from the one or more devices.Join the waitlist — get patent alerts
Track US2012221721A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.