| 发明名称 | Detection of anomalous instances through dynamic feature selection analysis | ||
| 摘要 | This specification describes technologies relating to detecting anomalous user accounts. A computer implemented method is disclosed which evaluates an unknown status user account. The method described compares features associated with a plurality of known anomalous user accounts stored in a database to features present in the unknown account. A correlation value corresponding to the probability of a specific feature occurring in a particular anomalous user account is calculated and a dependence value corresponding to the degree of dependence between the given feature and at least one other feature is also calculated. A subset of features in the unknown account is generated comprising those features that possess a correlation value less than a threshold value and a dependence value below a maximum correlation value. A risk score for the unknown account is calculated by selecting those features from the subset that maximizes the correlation value. The unknown account is then reviewed by an account reviewer if the risk score exceeds a threshold value. | ||
| 申请公布号 | US9258314(B1) | 申请公布日期 | 2016.02.09 |
| 申请号 | US201313842511 | 申请日期 | 2013.03.15 |
| 申请人 | Google Inc. | 发明人 | Xiao Fei;Pungaru Ioan Marius;Davis Bill;McNally Michael;Rao Vinay Somasundara;Gupta Anurag |
| 分类号 | G06F11/00;G06Q40/00;H04L29/06 | 主分类号 | G06F11/00 |
| 代理机构 | Foley & Lardner LLP | 代理人 | Foley & Lardner LLP ;Lanza John D.;Vellis James De |
| 主权项 | 1. A computer implemented method for evaluating a status of an unknown user account, the method comprising; accessing a set of features associated with a plurality of known anomalous user accounts stored in a database, wherein each feature accessed is present in an unknown status user account; computing for a given feature using code executing in a processor of a computer, a conditional correlation value corresponding to the probability of a specific feature occurring in a particular unknown user account and a dependence value corresponding to a conditional confidence that one feature is independent of at least one feature; generating a first subset of features in the unknown user account using code executing in the processor, in which each feature in the first subset has a correlation value above a minimum threshold value and a dependence value below a maximum correlation value; calculating a risk score for the unknown user account from at least one of the correlation values of the features in the first subset using code executing in the processor; tagging the unknown user account for review by an account reviewer when the risk score exceeds a threshold value using code executing in the processor; determining, by the computer, that the risk score exceeds the threshold value; and responsive to determining that the risk score exceeds the threshold value, temporarily withdrawing at least one resource from the unknown user account. | ||
| 地址 | Mountain View CA US | ||