| 发明名称 |
Risk assessment modeling |
| 摘要 |
One or more techniques and/or systems are provided for risk assessment. Historical authentication data and/or compromised user account data may be evaluated to identify a set of authentication context properties associated with user authentication sessions and/or a set of malicious account context properties associated with compromised user accounts (e.g., properties indicative of whether a user recently visited a malicious site, created a fake social network profile, logged in from unknown locations, etc.). The set of authentication context properties and/or the set of malicious account context properties may be annotated to create an annotated context property training set that may be used to train a risk assessment machine learning model to generate a risk assessment model. The risk assessment model may be used to evaluate user context properties of a user account event to generate a risk analysis metric indicative of a likelihood the user account event is malicious or safe. |
| 申请公布号 |
US9396332(B2) |
申请公布日期 |
2016.07.19 |
| 申请号 |
US201414283996 |
申请日期 |
2014.05.21 |
| 申请人 |
Microsoft Technology Licensing, LLC |
发明人 |
Abrams Luke;Steeves David J.;Sim Robert Alexander;Wong Pui-Yin Winfred;Katz Harry Simon;Small Aaron;Kaufman Dana Scott;Kreuziger Adrian;Nikiel Mark A.;Cristofor Laurentiu Bogdan;Keizur Alexa Lynn;Tibbetts Collin;Hayden Charles |
| 分类号 |
G06F21/55;G06N99/00;H04L29/08;H04L29/06 |
主分类号 |
G06F21/55 |
| 代理机构 |
|
代理人 |
Webster Bryan;Minhas Micky |
| 主权项 |
1. A method implemented at a computer system that includes one or more processors, for risk assessment, the method comprising:
evaluating historical authentication data to identify a set of authentication context properties associated with user authentication sessions; evaluating compromised user account data to identify a set of malicious account context properties associated with at least one of compromised user accounts or compromised user authentication events; annotating the set of authentication context properties and the set of malicious account context properties to create an annotated context properties training set that includes at least two of a user browsing history property, a geolocation property, a target service accessed by a compromised user, a social network profile property, an application execution context property, a client device property, a device interaction property, an authentication challenge history property, a user contact list property, or a user activity property; training a plurality of risk assessment machine learning modules based upon the annotated context properties training set to generate a plurality of risk assessment models, wherein each risk assessment model is responsive to a predefined context property; identifying a current user account event of a current user; evaluating a first current user context property of the current user using a first risk assessment model; based on a first result from the first risk assessment model, evaluating a second current user context property of the current user using a second risk assessment model; aggregating results from the first and the second risk assessment models to generate a risk analysis metric; moderating the current user account event based upon the risk analysis metric; applying the aggregated results from the first and the second risk assessment models to prior user account events of a user to generate an evaluation metric; and retroactively banning or unbanning the current user account based upon the evaluation metric. |
| 地址 |
Redmond WA US |
