US20090177597A1 - Systems, methods and computer products for profile based identity verification over the internet - Google Patents

Systems, methods and computer products for profile based identity verification over the internet Download PDF

Info

Publication number
US20090177597A1
US20090177597A1 US12/128,994 US12899408A US2009177597A1 US 20090177597 A1 US20090177597 A1 US 20090177597A1 US 12899408 A US12899408 A US 12899408A US 2009177597 A1 US2009177597 A1 US 2009177597A1
Authority
US
United States
Prior art keywords
activity
score
attributes
internet
data set
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/128,994
Inventor
Parijat Dube
David A. George
Raymond B. Jennings, III
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US12/128,994 priority Critical patent/US20090177597A1/en
Publication of US20090177597A1 publication Critical patent/US20090177597A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/535Tracking the activity of the user

Definitions

  • IBM® is a registered trademark of International Business Machines Corporation, Armonk, N.Y., U.S.A. Other names used herein may be registered trademarks, trademarks or product names of International Business Machines Corporation or other companies.
  • This invention relates to classifying network activity and particularly to systems, methods and computer products for profile-based identity verification over the Internet.
  • Each Internet activity can be characterized by a set of attributes that can be used to define features of the behavior of an individual while interacting with Internet through that activity.
  • attributes associated with Email can be: the community of the persons to which emails are normally sent; the time stamp of the emails; the length of emails; the type of attachments (doc/ppt/mpeg . . . ); the subject of emails; the topic generally discussed; and the keywords normally used by a person (e.g., each person has his own set of vocabulary from which they normally choose words to write in emails).
  • those attributes associated with Chat can be: the type of chat community a person joins; the language used in chat environments; the occurrence rate of chat messages; the amount of time a user poises between sending messages; the length of chat message in terms of number of words; the type of community according to the time of the day; the reaction time to messages from others; the amount of time a person spends in particular chat community; and the number of concurrent chat sessions an individual participates.
  • Every individual has a certain personality that is a complex manifestation of the social, political, economical and educational background in which he was brought up and in which he currently resides.
  • the word “personality” here is a broad term including an individual's intelligence level, creativity, vocabulary, interests, linguistic skills, psychological traits, experience with using computer applications, mannerisms. This personality is reflected in his day-to-day interactions with others, in his thinking, and hence in his actions in different environments and in different situations.
  • An individual's personality also has a crucial affect on his behavior over Internet. In particular, this personality can be reflected in the values of the different internet-activity specific attributes for the individual.
  • Exemplary embodiments include a system for profiling a user on a network based on a data set to generate a score, the system including an activity classifier configured to receive Internet activity input including email, chat, browser and voice over Internet Protocol (VoIP) logs/streams, an email profiler coupled to the activity classifier, a chat profiler coupled to the activity classifier, a browser profiler coupled to the activity classifier, a voice over Internet Protocol (VoIP) logs/streams profiler coupled to the activity classifier, wherein the profilers are configured to extract values from the Internet Activity input for activity specific and generic attributes from the data set, a score calculator configured to receive the activity specific and generic attributes and calculate the score of the data set, a categorization engine configured to receive the score from the score calculator and map the data set to an individual or class of individuals based on the value of the score and on a database of activity-specific attributes and an application configured to place weights on the activity specific and generic attributes to define a score function from the score, wherein the categorization engine is
  • FIG. 1 illustrates an exemplary embodiment of a system for profile-based identity verification over the Internet
  • FIG. 2 illustrates a high level block diagram of a system in accordance with exemplary embodiments
  • FIG. 3 illustrates a block diagram of a hierarchy of NetmetricsTM in accordance with exemplary embodiments.
  • FIG. 4 illustrates a flow chart of a method of profiling a user on a network in accordance with exemplary embodiments.
  • Exemplary embodiments include systems and methods that define, measure and analyze sets of attributes of an individual in an internet activity environment, which can be implemented for verifying identity.
  • the systems and methods further classify individuals based on these attributes ascribed to different Internet activities.
  • similar to biometrics which implement physical or behavioral characteristics including finger prints, retina, DNA, voice patterns etc.
  • the attributes defined herein are based on behavioral patterns on the Internet, (i.e. “NetmetricsTM”).
  • the systems and methods described herein profile an individual based on his behavior over Internet using different activity-specific metrics and further identify an individual based on feeds from his internet activities using different activity-specific metrics.
  • profiling involves defining a vector of attributes corresponding to different internet activities and then estimating the values of these attributes for an individual. The profiling can be dynamic and as the values of attributes change over time, the individual profiles are also updated. Once a repository of individual profiles is established a mapping of packets/group of packets to an individual/group of individuals based on the values of attributes carried by these packets can be performed.
  • the attribute values can be determined by some statistical processing of packets for example, which can involve machine learning techniques like supervised learning (Neural networks, Linear Discriminant Analysis) or unsupervised learning techniques.
  • the attributes can be unique to an activity and/or independent of the activity and may just depend on the individual and/or specific to a class of activities.
  • attributes specific to Email and Chat activities are defined above.
  • the activity-independent attributes can be linguistic skills, typing speed etc.
  • Examples of attributes specific to a class of activities can be e.g., conversation reaction time of an individual, which may be similar in VoIP and chat environments.
  • the systems and methods described herein can be implemented by companies for profiling its employees, which can be used e.g., to identify inappropriate usage of company's network resources by non-employees (friends, spouses etc.).
  • the systems and methods described herein can also be implemented by the government for monitoring Internet for suspicious activities.
  • the systems and methods described herein can also be implemented to prevent identify theft, monitor surreptitious activities, and conduct studies on social behavior over Internet.
  • the systems described herein can include a database storing activity-specific attributes.
  • the attributes can be learned over time corresponding to an (e.g., activity, individual) pair.
  • the database can be updated dynamically with new information received.
  • the systems described herein can also include an activity Classifier.
  • the activity classifier classifies the data received into the type of activity to which it corresponds.
  • the systems described herein can also include a data-set profiler, which studies different activity logs in run-time corresponding to individual(s) and calculates values for different (predefined) activity specific attributes from the logs.
  • feeds may be from only a subset of activities and further some activity-specific attributes may not be calculated due to the time horizon of feeds, etc.
  • the systems described herein can also include a data-set mapper to map the particular data-set which was analyzed by the profiler to different (e.g., predefined and dynamically updated) categories of individuals.
  • FIG. 1 illustrates an exemplary embodiment of a system 100 for profile-based identity verification over the Internet.
  • the methods described herein can be implemented in software (e.g., firmware), hardware, or a combination thereof.
  • the methods described herein are implemented in software, as an executable program, and is executed by a special or general-purpose digital computer, such as a personal computer, workstation, minicomputer, or mainframe computer.
  • the system 100 therefore includes general-purpose computer 101 .
  • the computer 101 includes a processor 101 , memory 110 coupled to a memory controller 115 , and one or more input and/or output (I/O) devices 140 , 145 (or peripherals) that are communicatively coupled via a local input/output controller 135 .
  • the input/output controller 135 can be, for example but not limited to, one or more buses or other wired or wireless connections, as is known in the art.
  • the input/output controller 135 may have additional elements, which are omitted for simplicity, such as controllers, buffers (caches), drivers, repeaters, and receivers, to enable communications.
  • the local interface may include address, control, and/or data connections to enable appropriate communications among the aforementioned components.
  • the processor 105 is a hardware device for executing software, particularly that stored in memory 110 .
  • the processor 105 can be any custom made or commercially available processor, a central processing unit (CPU), an auxiliary processor among several processors associated with the computer 101 , a semiconductor based microprocessor (in the form of a microchip or chip set), a macroprocessor, or generally any device for executing software instructions.
  • the memory 110 can include any one or combination of volatile memory elements (e.g., random access memory (RAM, such as DRAM, SRAM, SDRAM, etc.)) and nonvolatile memory elements (e.g., ROM, erasable programmable read only memory (EPROM), electronically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), tape, compact disc read only memory (CD-ROM), disk, diskette, cartridge, cassette or the like, etc.).
  • RAM random access memory
  • EPROM erasable programmable read only memory
  • EEPROM electronically erasable programmable read only memory
  • PROM programmable read only memory
  • tape compact disc read only memory
  • CD-ROM compact disc read only memory
  • disk diskette
  • cassette or the like etc.
  • the memory 110 may incorporate electronic, magnetic, optical, and/or other types of storage media. Note that the memory 110 can have a distributed architecture, where various components are situated remote from one another, but can be accessed by the processor 105
  • the software in memory 110 may include one or more separate programs, each of which comprises an ordered listing of executable instructions for implementing logical functions.
  • the software in the memory 110 includes the profile-based identity verification methods described herein in accordance with exemplary embodiments and a suitable operating system (O/S) 111 .
  • the operating system 111 essentially controls the execution of other computer programs, such the profile-based identity verification systems and methods described herein, and provides scheduling, input-output control, file and data management, memory management, and communication control and related services.
  • the profile-based identity verification methods described herein may be in the form of a source program, executable program (object code), script, or any other entity comprising a set of instructions to be performed.
  • a source program then the program needs to be translated via a compiler, assembler, interpreter, or the like, which may or may not be included within the memory 110 , so as to operate properly in connection with the O/S 111 .
  • the profile-based identity verification methods can be written as an object oriented programming language, which has classes of data and methods, or a procedure programming language, which has routines, subroutines, and/or functions.
  • a conventional keyboard 150 and mouse 155 can be coupled to the input/output controller 135 .
  • Other output devices such as the I/O devices 140 , 145 may include input devices, for example but not limited to a printer, a scanner, microphone, and the like.
  • the I/O devices 140 , 145 may further include devices that communicate both inputs and outputs, for instance but not limited to, a NIC or modulator/demodulator (for accessing other files, devices, systems, or a network), a radio frequency (RF) or other transceiver, a telephonic interface, a bridge, a router, and the like.
  • the system 100 can further include a display controller 125 coupled to a display 130 .
  • the system 100 can further include a network interface 160 for coupling to a network 165 .
  • the network 165 can be an IP-based network for communication between the computer 101 and any external server, client and the like via a broadband connection.
  • the network 165 transmits and receives data between the computer 101 and external systems.
  • network 165 can be a managed IP network administered by a service provider.
  • the network 165 may be implemented in a wireless fashion, e.g., using wireless protocols and technologies, such as WiFi, WiMax, etc.
  • the network 165 can also be a packet-switched network such as a local area network, wide area network, metropolitan area network, Internet network, or other similar type of network environment.
  • the network 165 may be a fixed wireless network, a wireless local area network (LAN), a wireless wide area network (WAN) a personal area network (PAN), a virtual private network (VPN), intranet or other suitable network system and includes equipment for receiving and transmitting signals.
  • LAN wireless local area network
  • WAN wireless wide area network
  • PAN personal area network
  • VPN virtual private network
  • the software in the memory 110 may further include a basic input output system (BIOS) (omitted for simplicity).
  • BIOS is a set of essential software routines that initialize and test hardware at startup, start the O/S 111 , and support the transfer of data among the hardware devices.
  • the BIOS is stored in ROM so that the BIOS can be executed when the computer 101 is activated.
  • the processor 105 When the computer 101 is in operation, the processor 105 is configured to execute software stored within the memory 110 , to communicate data to and from the memory 110 , and to generally control operations of the computer 101 pursuant to the software.
  • the profile-based identity verification methods described herein and the O/S 111 are read by the processor 105 , perhaps buffered within the processor 105 , and then executed.
  • a computer readable medium is an electronic, magnetic, optical, or other physical device or means that can contain or store a computer program for use by or in connection with a computer related system or method.
  • the profile-based identity verification methods described herein can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions.
  • a “computer-readable medium” can be any means that can store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • the computer readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium.
  • the computer-readable medium would include the following: an electrical connection (electronic) having one or more wires, a portable computer diskette (magnetic), a random access memory (RAM) (electronic), a read-only memory (ROM) (electronic), an erasable programmable read-only memory (EPROM, EEPROM, or Flash memory) (electronic), an optical fiber (optical), and a portable compact disc read-only memory (CDROM) (optical).
  • an electrical connection having one or more wires
  • a portable computer diskette magnetic
  • RAM random access memory
  • ROM read-only memory
  • EPROM erasable programmable read-only memory
  • Flash memory erasable programmable read-only memory
  • CDROM portable compact disc read-only memory
  • the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
  • the profile-based identity verification methods described herein can implemented with any or a combination of the following technologies, which are each well known in the art: a discrete logic circuit(s) having logic gates for implementing logic functions upon data signals, an application specific integrated circuit (ASIC) having appropriate combinational logic gates, a programmable gate array(s) (PGA), a field programmable gate array (FPGA), etc.
  • ASIC application specific integrated circuit
  • PGA programmable gate array
  • FPGA field programmable gate array
  • one or more processes in the memory 110 can monitor activity from the keyboard 150 and the mouse 155 or a combination thereof.
  • the processes can further monitor long-running jobs that have been initiated on the computer 101 .
  • the processes can further monitor which and how many other machines can control the computer 101 either locally or remotely.
  • the processes can also inquire or accept a grace period input by a user of the computer 101 .
  • the grace period can be a time period after which all traffic to and from the computer ceases if no further activity has been sensed by the processes. In this way, if a user has left the computer 101 for an extended period of time or has left the computer (e.g., after a work day) the computer 101 no longer allows traffic to and from the computer 101 .
  • the computer 101 can totally power down after the grace period has expired.
  • the processes can accept traffic only from a common network maintenance control system that provides limited services.
  • FIG. 2 illustrates a high level block diagram of a system 190 in accordance with exemplary embodiments.
  • the system 190 is utilized when the categorization of a data-set involves studying cross-activity correlations of attributes and calculating a user-specified score function.
  • An input 205 includes streams corresponding to different Internet activities, including email, chat, browser and voice over Internet Protocol (VoIP) logs/streams.
  • the system 190 can also include a user portal hosted by the portal server, 206 , through which the users can specify their own specific score function and their own list of attributes to be monitored.
  • the input streams from the input 205 are classified using an activity classifier, 200 , and for each Internet activity there is a corresponding a profiler, 201 , which acts upon the input data-set and extracts values for the activity specific and generic attributes from the data-set.
  • the attributes are then fed to a score calculator, 202 , whose function is to calculate the score of the data-set under analysis.
  • a cost function can also be programmed by the user through the portal.
  • the score is a utility function and can be defined differently by applications. For example, applications that are more interested in identifying individuals based on the types of web-sites of interest by a user can put more weights on the types of web-pages visited under the browser activity, on the types of web-pages discussed under the email and chat activity and 0 weights on other attributes of these activities. Some other application that is monitoring (e.g., a chat site) can put more weights on different attributes of chat activity logs and 0 on other activity logs.
  • the score function used to calculate the score of the particular data-set may also exploit correlation of (common) attributes across activities
  • the categorization engine 204 generates a dynamic profile of the data-set based on the application-specific score function.
  • the categorization engine 204 also creates dynamic categories from the database based on the score function supplied by the application.
  • the results from the categorization engine 204 can be fed into applications 210 tracking and/or monitoring users.
  • the score function can also be a vector of values corresponding to different individual attributes or can be a vector of functions, each mapping a subset of attributes. Though individual attributes alone may not be sufficient to identify an individual as the attribute set of many individuals may overlap, the combined set of attributes across different Internet activities has a high probability of drilling-down to an individual.
  • An individual can be viewed as a point in a multi-dimensional space of attributes associated with Internet activities. As richer sets of attributes for an activity and estimated values for an individual are defined, the ability to identify the individual uniquely also increases.
  • FIG. 3 illustrates a block diagram of a hierarchy 300 of NetmetricsTM in accordance with exemplary embodiments.
  • Cross layer NetmetricsTM 300 can include certain layers of a TCP/IP stack such as an application layer 320 , and corresponding applications 325 , a transport layer 330 , and corresponding data 335 , and a network layer 24 o , and corresponding network applications 345 . It is thus appreciated that the systems and methods described herein can be defined and evaluated at different layers of the network.
  • FIG. 4 illustrates a flow chart of a method 400 of profiling a user on a network in accordance with exemplary embodiments.
  • an input of streams corresponding to network activities associated with the user is received, wherein the input of streams is received from one or more layers of the network.
  • a score function and a list of attributes to be monitored is received.
  • the input of streams is classified into network-activity classifications.
  • values and attributes for the network-activity classifications are extracted and placed into data sets.
  • a score of the data sets is calculated. In exemplary embodiments, the score is a utility function defined by applications.
  • the data sets are compared to a database of activity-specific attributes.
  • the data sets are mapped to a class of individuals based on a value of the score and the comparison of the database of activity-specific attributes.
  • the method 400 can further include generating a dynamic profile of the data set based on an application-specific score function.
  • the method 400 can further include obtaining activity logs associated with the network activities, analyzing the activity logs in run-time and calculating values for the activity-specific attributes from the activity logs.
  • the capabilities of the present invention can be implemented in software, firmware, hardware or some combination thereof.
  • one or more aspects of the present invention can be included in an article of manufacture (e.g., one or more computer program products) having, for instance, computer usable media.
  • the media has embodied therein, for instance, computer readable program code means for providing and facilitating the capabilities of the present invention.
  • the article of manufacture can be included as a part of a computer system or sold separately.
  • At least one program storage device readable by a machine, tangibly embodying at least one program of instructions executable by the machine to perform the capabilities of the present invention can be provided.

Abstract

Systems, methods and computer products for profile-based identity verification over the Internet. Exemplary embodiments include a system including an activity classifier configured to receive Internet activity input including email, chat, browser and voice over Internet Protocol (VoIP) logs/streams, an email profiler, a chat, a browser profiler, a voice over Internet Protocol (VoIP) logs/streams profiler, wherein the profilers are configured to extract values from the Internet Activity input attributes from the data set, a score calculator configured to receive the attributes and calculate the score of the data set, a categorization engine configured to receive the score from the score calculator and map the data set to an individual or class of individuals based on the value of the score and on a database of activity-specific attributes and an application configured to place weights on the activity specific and generic attributes to define a score function from the score.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application is a continuation of U.S. patent application Ser. No. 11/969,569, filed Jan. 4, 2008, the disclosure of which is incorporated by reference herein in its entirety.
    • TRADEMARKS
  • IBM® is a registered trademark of International Business Machines Corporation, Armonk, N.Y., U.S.A. Other names used herein may be registered trademarks, trademarks or product names of International Business Machines Corporation or other companies.
    • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • This invention relates to classifying network activity and particularly to systems, methods and computer products for profile-based identity verification over the Internet.
  • 2. Description of Background
  • Individuals all over the world interact with the Internet through different types of activities (e.g., applications, protocols, services). The behavioral dynamics of an individual in a particular Internet activity environment may be significantly different from other individuals. Each Internet activity can be characterized by a set of attributes that can be used to define features of the behavior of an individual while interacting with Internet through that activity. For example, attributes associated with Email can be: the community of the persons to which emails are normally sent; the time stamp of the emails; the length of emails; the type of attachments (doc/ppt/mpeg . . . ); the subject of emails; the topic generally discussed; and the keywords normally used by a person (e.g., each person has his own set of vocabulary from which they normally choose words to write in emails). Furthermore, those attributes associated with Chat can be: the type of chat community a person joins; the language used in chat environments; the occurrence rate of chat messages; the amount of time a user poises between sending messages; the length of chat message in terms of number of words; the type of community according to the time of the day; the reaction time to messages from others; the amount of time a person spends in particular chat community; and the number of concurrent chat sessions an individual participates.
  • Every individual has a certain personality that is a complex manifestation of the social, political, economical and educational background in which he was brought up and in which he currently resides. The word “personality” here is a broad term including an individual's intelligence level, creativity, vocabulary, interests, linguistic skills, psychological traits, experience with using computer applications, mannerisms. This personality is reflected in his day-to-day interactions with others, in his thinking, and hence in his actions in different environments and in different situations. An individual's personality also has a crucial affect on his behavior over Internet. In particular, this personality can be reflected in the values of the different internet-activity specific attributes for the individual.
    • SUMMARY OF THE INVENTION
  • Exemplary embodiments include a system for profiling a user on a network based on a data set to generate a score, the system including an activity classifier configured to receive Internet activity input including email, chat, browser and voice over Internet Protocol (VoIP) logs/streams, an email profiler coupled to the activity classifier, a chat profiler coupled to the activity classifier, a browser profiler coupled to the activity classifier, a voice over Internet Protocol (VoIP) logs/streams profiler coupled to the activity classifier, wherein the profilers are configured to extract values from the Internet Activity input for activity specific and generic attributes from the data set, a score calculator configured to receive the activity specific and generic attributes and calculate the score of the data set, a categorization engine configured to receive the score from the score calculator and map the data set to an individual or class of individuals based on the value of the score and on a database of activity-specific attributes and an application configured to place weights on the activity specific and generic attributes to define a score function from the score, wherein the categorization engine is further configured to generate a dynamic profile of the data-set based on a score function generated by the application and to generate a dynamic category from the database based on the score function.
  • System and computer program products corresponding to the above-summarized methods are also described and claimed herein.
  • Additional features and advantages are realized through the techniques of the present invention. Other embodiments and aspects of the invention are described in detail herein and are considered a part of the claimed invention. For a better understanding of the invention with advantages and features, refer to the description and to the drawings.
    • TECHNICAL EFFECTS
  • As a result of the summarized invention, technically we have achieved a solution which provides profile-based identity verification over the Internet.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The subject matter which is regarded as the invention is particularly pointed out and distinctly claimed in the claims at the conclusion of the specification. The foregoing and other objects, features, and advantages of the invention are apparent from the following detailed description taken in conjunction with the accompanying drawings in which:
  • FIG. 1 illustrates an exemplary embodiment of a system for profile-based identity verification over the Internet;
  • FIG. 2 illustrates a high level block diagram of a system in accordance with exemplary embodiments;
  • FIG. 3 illustrates a block diagram of a hierarchy of Netmetrics™ in accordance with exemplary embodiments; and
  • FIG. 4 illustrates a flow chart of a method of profiling a user on a network in accordance with exemplary embodiments.
    •
  • The detailed description explains the preferred embodiments of the invention, together with advantages and features, by way of example with reference to the drawings.
    • DETAILED DESCRIPTION OF THE INVENTION
  • Exemplary embodiments include systems and methods that define, measure and analyze sets of attributes of an individual in an internet activity environment, which can be implemented for verifying identity. In exemplary embodiments, the systems and methods further classify individuals based on these attributes ascribed to different Internet activities. In exemplary embodiments, similar to biometrics which implement physical or behavioral characteristics (including finger prints, retina, DNA, voice patterns etc.), the attributes defined herein are based on behavioral patterns on the Internet, (i.e. “Netmetrics™”).
  • In exemplary embodiments, the systems and methods described herein profile an individual based on his behavior over Internet using different activity-specific metrics and further identify an individual based on feeds from his internet activities using different activity-specific metrics. In exemplary embodiments, profiling involves defining a vector of attributes corresponding to different internet activities and then estimating the values of these attributes for an individual. The profiling can be dynamic and as the values of attributes change over time, the individual profiles are also updated. Once a repository of individual profiles is established a mapping of packets/group of packets to an individual/group of individuals based on the values of attributes carried by these packets can be performed. The attribute values can be determined by some statistical processing of packets for example, which can involve machine learning techniques like supervised learning (Neural networks, Linear Discriminant Analysis) or unsupervised learning techniques.
  • In exemplary embodiments, the attributes can be unique to an activity and/or independent of the activity and may just depend on the individual and/or specific to a class of activities. For example, attributes specific to Email and Chat activities are defined above. The activity-independent attributes can be linguistic skills, typing speed etc. Examples of attributes specific to a class of activities can be e.g., conversation reaction time of an individual, which may be similar in VoIP and chat environments.
  • In exemplary embodiments, the systems and methods described herein can be implemented by companies for profiling its employees, which can be used e.g., to identify inappropriate usage of company's network resources by non-employees (friends, spouses etc.). The systems and methods described herein can also be implemented by the government for monitoring Internet for suspicious activities. The systems and methods described herein can also be implemented to prevent identify theft, monitor surreptitious activities, and conduct studies on social behavior over Internet.
  • In exemplary embodiments, the systems described herein can include a database storing activity-specific attributes. In exemplary embodiments, the attributes can be learned over time corresponding to an (e.g., activity, individual) pair. The database can be updated dynamically with new information received. The systems described herein can also include an activity Classifier. In exemplary embodiments, the activity classifier classifies the data received into the type of activity to which it corresponds. The systems described herein can also include a data-set profiler, which studies different activity logs in run-time corresponding to individual(s) and calculates values for different (predefined) activity specific attributes from the logs. In exemplary embodiments, during run-time feeds may be from only a subset of activities and further some activity-specific attributes may not be calculated due to the time horizon of feeds, etc. The systems described herein can also include a data-set mapper to map the particular data-set which was analyzed by the profiler to different (e.g., predefined and dynamically updated) categories of individuals.
  • FIG. 1 illustrates an exemplary embodiment of a system 100 for profile-based identity verification over the Internet. The methods described herein can be implemented in software (e.g., firmware), hardware, or a combination thereof. In exemplary embodiments, the methods described herein are implemented in software, as an executable program, and is executed by a special or general-purpose digital computer, such as a personal computer, workstation, minicomputer, or mainframe computer. The system 100 therefore includes general-purpose computer 101.
  • In exemplary embodiments, in terms of hardware architecture, as shown in FIG. 1, the computer 101 includes a processor 101, memory 110 coupled to a memory controller 115, and one or more input and/or output (I/O) devices 140, 145 (or peripherals) that are communicatively coupled via a local input/output controller 135. The input/output controller 135 can be, for example but not limited to, one or more buses or other wired or wireless connections, as is known in the art. The input/output controller 135 may have additional elements, which are omitted for simplicity, such as controllers, buffers (caches), drivers, repeaters, and receivers, to enable communications. Further, the local interface may include address, control, and/or data connections to enable appropriate communications among the aforementioned components.
  • The processor 105 is a hardware device for executing software, particularly that stored in memory 110. The processor 105 can be any custom made or commercially available processor, a central processing unit (CPU), an auxiliary processor among several processors associated with the computer 101, a semiconductor based microprocessor (in the form of a microchip or chip set), a macroprocessor, or generally any device for executing software instructions.
  • The memory 110 can include any one or combination of volatile memory elements (e.g., random access memory (RAM, such as DRAM, SRAM, SDRAM, etc.)) and nonvolatile memory elements (e.g., ROM, erasable programmable read only memory (EPROM), electronically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), tape, compact disc read only memory (CD-ROM), disk, diskette, cartridge, cassette or the like, etc.). Moreover, the memory 110 may incorporate electronic, magnetic, optical, and/or other types of storage media. Note that the memory 110 can have a distributed architecture, where various components are situated remote from one another, but can be accessed by the processor 105.
  • The software in memory 110 may include one or more separate programs, each of which comprises an ordered listing of executable instructions for implementing logical functions. In the example of FIG. 1, the software in the memory 110 includes the profile-based identity verification methods described herein in accordance with exemplary embodiments and a suitable operating system (O/S) 111. The operating system 111 essentially controls the execution of other computer programs, such the profile-based identity verification systems and methods described herein, and provides scheduling, input-output control, file and data management, memory management, and communication control and related services.
  • The profile-based identity verification methods described herein may be in the form of a source program, executable program (object code), script, or any other entity comprising a set of instructions to be performed. When a source program, then the program needs to be translated via a compiler, assembler, interpreter, or the like, which may or may not be included within the memory 110, so as to operate properly in connection with the O/S 111. Furthermore, the profile-based identity verification methods can be written as an object oriented programming language, which has classes of data and methods, or a procedure programming language, which has routines, subroutines, and/or functions.
  • In exemplary embodiments, a conventional keyboard 150 and mouse 155 can be coupled to the input/output controller 135. Other output devices such as the I/ O devices 140, 145 may include input devices, for example but not limited to a printer, a scanner, microphone, and the like. Finally, the I/ O devices 140, 145 may further include devices that communicate both inputs and outputs, for instance but not limited to, a NIC or modulator/demodulator (for accessing other files, devices, systems, or a network), a radio frequency (RF) or other transceiver, a telephonic interface, a bridge, a router, and the like. The system 100 can further include a display controller 125 coupled to a display 130. In exemplary embodiments, the system 100 can further include a network interface 160 for coupling to a network 165. The network 165 can be an IP-based network for communication between the computer 101 and any external server, client and the like via a broadband connection. The network 165 transmits and receives data between the computer 101 and external systems. In exemplary embodiments, network 165 can be a managed IP network administered by a service provider. The network 165 may be implemented in a wireless fashion, e.g., using wireless protocols and technologies, such as WiFi, WiMax, etc. The network 165 can also be a packet-switched network such as a local area network, wide area network, metropolitan area network, Internet network, or other similar type of network environment. The network 165 may be a fixed wireless network, a wireless local area network (LAN), a wireless wide area network (WAN) a personal area network (PAN), a virtual private network (VPN), intranet or other suitable network system and includes equipment for receiving and transmitting signals.
  • If the computer 101 is a PC, workstation, intelligent device or the like, the software in the memory 110 may further include a basic input output system (BIOS) (omitted for simplicity). The BIOS is a set of essential software routines that initialize and test hardware at startup, start the O/S 111, and support the transfer of data among the hardware devices. The BIOS is stored in ROM so that the BIOS can be executed when the computer 101 is activated.
  • When the computer 101 is in operation, the processor 105 is configured to execute software stored within the memory 110, to communicate data to and from the memory 110, and to generally control operations of the computer 101 pursuant to the software. The profile-based identity verification methods described herein and the O/S 111, in whole or in part, but typically the latter, are read by the processor 105, perhaps buffered within the processor 105, and then executed.
  • When the systems and methods described herein are implemented in software, as is shown in FIG. 1, it the methods can be stored on any computer readable medium, such as storage 120, for use by or in connection with any computer related system or method. In the context of this document, a computer readable medium is an electronic, magnetic, optical, or other physical device or means that can contain or store a computer program for use by or in connection with a computer related system or method. The profile-based identity verification methods described herein can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. In exemplary embodiments, a “computer-readable medium” can be any means that can store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The computer readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic) having one or more wires, a portable computer diskette (magnetic), a random access memory (RAM) (electronic), a read-only memory (ROM) (electronic), an erasable programmable read-only memory (EPROM, EEPROM, or Flash memory) (electronic), an optical fiber (optical), and a portable compact disc read-only memory (CDROM) (optical). Note that the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
  • In exemplary embodiments, where the profile-based identity verification methods are implemented in hardware, the profile-based identity verification methods described herein can implemented with any or a combination of the following technologies, which are each well known in the art: a discrete logic circuit(s) having logic gates for implementing logic functions upon data signals, an application specific integrated circuit (ASIC) having appropriate combinational logic gates, a programmable gate array(s) (PGA), a field programmable gate array (FPGA), etc.
  • In exemplary embodiments, one or more processes in the memory 110 can monitor activity from the keyboard 150 and the mouse 155 or a combination thereof. The processes can further monitor long-running jobs that have been initiated on the computer 101. The processes can further monitor which and how many other machines can control the computer 101 either locally or remotely. In exemplary embodiments, the processes can also inquire or accept a grace period input by a user of the computer 101. The grace period can be a time period after which all traffic to and from the computer ceases if no further activity has been sensed by the processes. In this way, if a user has left the computer 101 for an extended period of time or has left the computer (e.g., after a work day) the computer 101 no longer allows traffic to and from the computer 101. In an alternative implementation, the computer 101 can totally power down after the grace period has expired. In further exemplary embodiments, the processes can accept traffic only from a common network maintenance control system that provides limited services.
  • FIG. 2 illustrates a high level block diagram of a system 190 in accordance with exemplary embodiments. In exemplary embodiments, the system 190 is utilized when the categorization of a data-set involves studying cross-activity correlations of attributes and calculating a user-specified score function. An input 205 includes streams corresponding to different Internet activities, including email, chat, browser and voice over Internet Protocol (VoIP) logs/streams. In exemplary embodiments, the system 190 can also include a user portal hosted by the portal server, 206, through which the users can specify their own specific score function and their own list of attributes to be monitored. The input streams from the input 205 are classified using an activity classifier, 200, and for each Internet activity there is a corresponding a profiler, 201, which acts upon the input data-set and extracts values for the activity specific and generic attributes from the data-set. The attributes are then fed to a score calculator, 202, whose function is to calculate the score of the data-set under analysis. A cost function can also be programmed by the user through the portal. Once the score is calculated it is fed to a categorization engine, 204, which maps the data-set to a particular individual/class of individuals based on the value of the score and the database of activity specific attributes, 103.
  • In exemplary embodiments, the score is a utility function and can be defined differently by applications. For example, applications that are more interested in identifying individuals based on the types of web-sites of interest by a user can put more weights on the types of web-pages visited under the browser activity, on the types of web-pages discussed under the email and chat activity and 0 weights on other attributes of these activities. Some other application that is monitoring (e.g., a chat site) can put more weights on different attributes of chat activity logs and 0 on other activity logs. The score function used to calculate the score of the particular data-set may also exploit correlation of (common) attributes across activities
  • In exemplary embodiments, the categorization engine 204 generates a dynamic profile of the data-set based on the application-specific score function. The categorization engine 204 also creates dynamic categories from the database based on the score function supplied by the application. The results from the categorization engine 204 can be fed into applications 210 tracking and/or monitoring users. The score function can also be a vector of values corresponding to different individual attributes or can be a vector of functions, each mapping a subset of attributes. Though individual attributes alone may not be sufficient to identify an individual as the attribute set of many individuals may overlap, the combined set of attributes across different Internet activities has a high probability of drilling-down to an individual. An individual can be viewed as a point in a multi-dimensional space of attributes associated with Internet activities. As richer sets of attributes for an activity and estimated values for an individual are defined, the ability to identify the individual uniquely also increases.
  • FIG. 3 illustrates a block diagram of a hierarchy 300 of Netmetrics™ in accordance with exemplary embodiments. Cross layer Netmetrics™ 300 can include certain layers of a TCP/IP stack such as an application layer 320, and corresponding applications 325, a transport layer 330, and corresponding data 335, and a network layer 24 o, and corresponding network applications 345. It is thus appreciated that the systems and methods described herein can be defined and evaluated at different layers of the network.
  • FIG. 4 illustrates a flow chart of a method 400 of profiling a user on a network in accordance with exemplary embodiments. At block 410, an input of streams corresponding to network activities associated with the user is received, wherein the input of streams is received from one or more layers of the network. At block, 420 in response to receiving a request to supply specified-input, a score function and a list of attributes to be monitored is received. At block 430, the input of streams is classified into network-activity classifications. At block 440, values and attributes for the network-activity classifications are extracted and placed into data sets. At block 450, a score of the data sets is calculated. In exemplary embodiments, the score is a utility function defined by applications. At block 460, the data sets are compared to a database of activity-specific attributes. At block 470, the data sets are mapped to a class of individuals based on a value of the score and the comparison of the database of activity-specific attributes. In exemplary embodiments, the method 400 can further include generating a dynamic profile of the data set based on an application-specific score function. In further exemplary embodiments, the method 400 can further include obtaining activity logs associated with the network activities, analyzing the activity logs in run-time and calculating values for the activity-specific attributes from the activity logs.
  • The capabilities of the present invention can be implemented in software, firmware, hardware or some combination thereof.
  • As one example, one or more aspects of the present invention can be included in an article of manufacture (e.g., one or more computer program products) having, for instance, computer usable media. The media has embodied therein, for instance, computer readable program code means for providing and facilitating the capabilities of the present invention. The article of manufacture can be included as a part of a computer system or sold separately.
  • Additionally, at least one program storage device readable by a machine, tangibly embodying at least one program of instructions executable by the machine to perform the capabilities of the present invention can be provided.
  • The flow diagrams depicted herein are just examples. There may be many variations to these diagrams or the steps (or operations) described therein without departing from the spirit of the invention. For instance, the steps may be performed in a differing order, or steps may be added, deleted or modified. All of these variations are considered a part of the claimed invention.
  • While the preferred embodiment to the invention has been described, it will be understood that those skilled in the art, both now and in the future, may make various improvements and enhancements which fall within the scope of the claims which follow. These claims should be construed to maintain the proper protection for the invention first described.

Claims (1)

1. A system for profiling a user on a network based on a data set to generate a score, the system consisting of:
an activity classifier configured to receive Internet activity input including email, chat, browser and voice over Internet Protocol (VoIP) logs/streams;
an email profiler coupled to the activity classifier;
a chat profiler coupled to the activity classifier;
a browser profiler coupled to the activity classifier;
a voice over Internet Protocol (VoIP) logs/streams profiler coupled to the activity classifier,
wherein the profilers are configured to extract values from the Internet Activity input for activity specific and generic attributes from the data set;
a score calculator configured to receive the activity specific and generic attributes and calculate the score of the data set;
a categorization engine configured to receive the score from the score calculator and map the data set to an individual or class of individuals based on the value of the score and on a database of activity-specific attributes; and
an application configured to place weights on the activity specific and generic attributes to define a score function from the score,
wherein the categorization engine is further configured to generate a dynamic profile of the data-set based on a score function generated by the application and to generate a dynamic category from the database based on the score function.
US12/128,994 2008-01-04 2008-05-29 Systems, methods and computer products for profile based identity verification over the internet Abandoned US20090177597A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/128,994 US20090177597A1 (en) 2008-01-04 2008-05-29 Systems, methods and computer products for profile based identity verification over the internet

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/969,569 US7433960B1 (en) 2008-01-04 2008-01-04 Systems, methods and computer products for profile based identity verification over the internet
US12/128,994 US20090177597A1 (en) 2008-01-04 2008-05-29 Systems, methods and computer products for profile based identity verification over the internet

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/969,569 Continuation US7433960B1 (en) 2008-01-04 2008-01-04 Systems, methods and computer products for profile based identity verification over the internet

Publications (1)

Publication Number Publication Date
US20090177597A1 true US20090177597A1 (en) 2009-07-09

Family

ID=39797377

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/969,569 Active 2028-01-08 US7433960B1 (en) 2008-01-04 2008-01-04 Systems, methods and computer products for profile based identity verification over the internet
US12/128,994 Abandoned US20090177597A1 (en) 2008-01-04 2008-05-29 Systems, methods and computer products for profile based identity verification over the internet

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US11/969,569 Active 2028-01-08 US7433960B1 (en) 2008-01-04 2008-01-04 Systems, methods and computer products for profile based identity verification over the internet

Country Status (1)

Country Link
US (2) US7433960B1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100153278A1 (en) * 2008-12-16 2010-06-17 Farsedakis Lewis E Web sites that introduce a seller to a universe of buyers, web sites that receive a buyer's listing of what he wants to buy, other introduction web sites, systems using introduction web sites and internet-based introductions
US8359631B2 (en) 2010-12-08 2013-01-22 Lewis Farsedakis Portable identity rating
US8464358B2 (en) 2010-12-08 2013-06-11 Lewis Farsedakis Portable identity rating
US20130154916A1 (en) * 2011-12-19 2013-06-20 Microsoft Corporation Method and system for providing centralized notifications to an administrator
US20130246325A1 (en) * 2012-03-15 2013-09-19 Amir Averbuch Method for classification of newly arrived multidimensional data points in dynamic big data sets
US8850535B2 (en) 2011-08-05 2014-09-30 Safefaces LLC Methods and systems for identity verification in a social network using ratings
US8850536B2 (en) 2011-08-05 2014-09-30 Safefaces LLC Methods and systems for identity verification in a social network using ratings
US20230004539A1 (en) * 2021-06-30 2023-01-05 Collibra Nv Systems and methods for continuous data profiling

Families Citing this family (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8275899B2 (en) * 2008-12-29 2012-09-25 At&T Intellectual Property I, L.P. Methods, devices and computer program products for regulating network activity using a subscriber scoring system
US9098333B1 (en) * 2010-05-07 2015-08-04 Ziften Technologies, Inc. Monitoring computer process resource usage
US8566956B2 (en) * 2010-06-23 2013-10-22 Salesforce.Com, Inc. Monitoring and reporting of data access behavior of authorized database users
US10168413B2 (en) 2011-03-25 2019-01-01 T-Mobile Usa, Inc. Service enhancements using near field communication
US20130054433A1 (en) 2011-08-25 2013-02-28 T-Mobile Usa, Inc. Multi-Factor Identity Fingerprinting with User Behavior
US9824199B2 (en) 2011-08-25 2017-11-21 T-Mobile Usa, Inc. Multi-factor profile and security fingerprint analysis
US9825967B2 (en) 2011-09-24 2017-11-21 Elwha Llc Behavioral fingerprinting via social networking interaction
US9015860B2 (en) 2011-09-24 2015-04-21 Elwha Llc Behavioral fingerprinting via derived personal relation
US8713704B2 (en) * 2011-09-24 2014-04-29 Elwha Llc Behavioral fingerprint based authentication
US8689350B2 (en) 2011-09-24 2014-04-01 Elwha Llc Behavioral fingerprint controlled theft detection and recovery
US9729549B2 (en) * 2011-09-24 2017-08-08 Elwha Llc Behavioral fingerprinting with adaptive development
US8555077B2 (en) 2011-11-23 2013-10-08 Elwha Llc Determining device identity using a behavioral fingerprint
US9083687B2 (en) 2011-09-24 2015-07-14 Elwha Llc Multi-device behavioral fingerprinting
US9298900B2 (en) 2011-09-24 2016-03-29 Elwha Llc Behavioral fingerprinting via inferred personal relation
US9621404B2 (en) 2011-09-24 2017-04-11 Elwha Llc Behavioral fingerprinting with social networking
US9348985B2 (en) 2011-11-23 2016-05-24 Elwha Llc Behavioral fingerprint controlled automatic task determination
US8869241B2 (en) 2011-09-24 2014-10-21 Elwha Llc Network acquired behavioral fingerprint for authentication
US10019744B2 (en) 2014-02-14 2018-07-10 Brighterion, Inc. Multi-dimensional behavior device ID
US20180053114A1 (en) 2014-10-23 2018-02-22 Brighterion, Inc. Artificial intelligence for context classifier
US10896421B2 (en) 2014-04-02 2021-01-19 Brighterion, Inc. Smart retail analytics and commercial messaging
US20160055427A1 (en) 2014-10-15 2016-02-25 Brighterion, Inc. Method for providing data science, artificial intelligence and machine learning as-a-service
US20150339673A1 (en) 2014-10-28 2015-11-26 Brighterion, Inc. Method for detecting merchant data breaches with a computer network server
US20150032589A1 (en) 2014-08-08 2015-01-29 Brighterion, Inc. Artificial intelligence fraud management solution
US20150066771A1 (en) 2014-08-08 2015-03-05 Brighterion, Inc. Fast access vectors in real-time behavioral profiling
US9280661B2 (en) 2014-08-08 2016-03-08 Brighterion, Inc. System administrator behavior analysis
US20160063502A1 (en) 2014-10-15 2016-03-03 Brighterion, Inc. Method for improving operating profits with better automated decision making with artificial intelligence
US20160078367A1 (en) 2014-10-15 2016-03-17 Brighterion, Inc. Data clean-up method for improving predictive model training
US20160071017A1 (en) 2014-10-15 2016-03-10 Brighterion, Inc. Method of operating artificial intelligence machines to improve predictive model training and performance
US11080709B2 (en) 2014-10-15 2021-08-03 Brighterion, Inc. Method of reducing financial losses in multiple payment channels upon a recognition of fraud first appearing in any one payment channel
US10546099B2 (en) 2014-10-15 2020-01-28 Brighterion, Inc. Method of personalizing, individualizing, and automating the management of healthcare fraud-waste-abuse to unique individual healthcare providers
US10290001B2 (en) 2014-10-28 2019-05-14 Brighterion, Inc. Data breach detection
US10671915B2 (en) 2015-07-31 2020-06-02 Brighterion, Inc. Method for calling for preemptive maintenance and for equipment failure prevention
US20190342297A1 (en) 2018-05-01 2019-11-07 Brighterion, Inc. Securing internet-of-things with smart-agent technology

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5848396A (en) * 1996-04-26 1998-12-08 Freedom Of Information, Inc. Method and apparatus for determining behavioral profile of a computer user
US6334121B1 (en) * 1998-05-04 2001-12-25 Virginia Commonwealth University Usage pattern based user authenticator
US20060026669A1 (en) * 2004-07-29 2006-02-02 Zakas Phillip H System and method of characterizing and managing electronic traffic
US7013290B2 (en) * 2001-08-03 2006-03-14 John Allen Ananian Personalized interactive digital catalog profiling
US7143066B2 (en) * 1997-11-06 2006-11-28 Intertrust Technologies Corp. Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
US7213032B2 (en) * 2000-07-06 2007-05-01 Protigen, Inc. System and method for anonymous transaction in a data network and classification of individuals without knowing their real identity
US7302480B2 (en) * 2002-01-18 2007-11-27 Stonesoft Corporation Monitoring the flow of a data stream
US7703030B2 (en) * 2005-01-11 2010-04-20 Trusted Opinion, Inc. Method and system for providing customized recommendations to users
US20100169971A1 (en) * 2008-12-25 2010-07-01 Check Point Software Technologies, Ltd. Methods for user profiling for detecting insider threats based on internet search patterns and forensics of search keywords
US7769740B2 (en) * 2007-12-21 2010-08-03 Yahoo! Inc. Systems and methods of ranking attention

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6041311A (en) * 1995-06-30 2000-03-21 Microsoft Corporation Method and apparatus for item recommendation using automated collaborative filtering
US5867799A (en) * 1996-04-04 1999-02-02 Lang; Andrew K. Information system and method for filtering a massive flow of information entities to meet user information classification needs
JP3219386B2 (en) * 1997-12-26 2001-10-15 松下電器産業株式会社 Information filter device and information filter method
US6681331B1 (en) * 1999-05-11 2004-01-20 Cylant, Inc. Dynamic software system intrusion detection
US6839680B1 (en) * 1999-09-30 2005-01-04 Fujitsu Limited Internet profiling
US6691106B1 (en) * 2000-05-23 2004-02-10 Intel Corporation Profile driven instant web portal
CA2428404C (en) * 2000-11-20 2012-02-07 Ian Barry Crabtree Information provider
US20030135499A1 (en) * 2002-01-14 2003-07-17 Schirmer Andrew Lewis System and method for mining a user's electronic mail messages to determine the user's affinities
US7647645B2 (en) * 2003-07-23 2010-01-12 Omon Ayodele Edeki System and method for securing computer system against unauthorized access
US20050234920A1 (en) * 2004-04-05 2005-10-20 Lee Rhodes System, computer-usable medium and method for monitoring network activity
US20060037077A1 (en) * 2004-08-16 2006-02-16 Cisco Technology, Inc. Network intrusion detection system having application inspection and anomaly detection characteristics
US7814548B2 (en) * 2005-09-13 2010-10-12 Honeywell International Inc. Instance based learning framework for effective behavior profiling and anomaly intrusion detection
US20070117557A1 (en) * 2005-11-21 2007-05-24 Conopco Inc, D/B/A Unilever Parametric user profiling

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5848396A (en) * 1996-04-26 1998-12-08 Freedom Of Information, Inc. Method and apparatus for determining behavioral profile of a computer user
US7143066B2 (en) * 1997-11-06 2006-11-28 Intertrust Technologies Corp. Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
US6334121B1 (en) * 1998-05-04 2001-12-25 Virginia Commonwealth University Usage pattern based user authenticator
US7213032B2 (en) * 2000-07-06 2007-05-01 Protigen, Inc. System and method for anonymous transaction in a data network and classification of individuals without knowing their real identity
US7013290B2 (en) * 2001-08-03 2006-03-14 John Allen Ananian Personalized interactive digital catalog profiling
US7302480B2 (en) * 2002-01-18 2007-11-27 Stonesoft Corporation Monitoring the flow of a data stream
US20060026669A1 (en) * 2004-07-29 2006-02-02 Zakas Phillip H System and method of characterizing and managing electronic traffic
US7703030B2 (en) * 2005-01-11 2010-04-20 Trusted Opinion, Inc. Method and system for providing customized recommendations to users
US7769740B2 (en) * 2007-12-21 2010-08-03 Yahoo! Inc. Systems and methods of ranking attention
US20100169971A1 (en) * 2008-12-25 2010-07-01 Check Point Software Technologies, Ltd. Methods for user profiling for detecting insider threats based on internet search patterns and forensics of search keywords

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100153278A1 (en) * 2008-12-16 2010-06-17 Farsedakis Lewis E Web sites that introduce a seller to a universe of buyers, web sites that receive a buyer's listing of what he wants to buy, other introduction web sites, systems using introduction web sites and internet-based introductions
US8966650B2 (en) 2010-12-08 2015-02-24 Lewis Farsedakis Portable identity rating
US8359631B2 (en) 2010-12-08 2013-01-22 Lewis Farsedakis Portable identity rating
US8464358B2 (en) 2010-12-08 2013-06-11 Lewis Farsedakis Portable identity rating
US8646037B2 (en) 2010-12-08 2014-02-04 Lewis Farsedakis Portable identity rating
US9282090B2 (en) * 2011-08-05 2016-03-08 Safefaces LLC Methods and systems for identity verification in a social network using ratings
US8850535B2 (en) 2011-08-05 2014-09-30 Safefaces LLC Methods and systems for identity verification in a social network using ratings
US8850536B2 (en) 2011-08-05 2014-09-30 Safefaces LLC Methods and systems for identity verification in a social network using ratings
US20150052594A1 (en) * 2011-08-05 2015-02-19 Safefaces LLC Methods and systems for identity verification in a social network using ratings
US9741003B2 (en) * 2011-12-19 2017-08-22 Microsoft Technology Licensing, Llc Method and system for providing centralized notifications to an administrator
US20130154916A1 (en) * 2011-12-19 2013-06-20 Microsoft Corporation Method and system for providing centralized notifications to an administrator
US10726372B2 (en) 2011-12-19 2020-07-28 Microsoft Technology Licensing, Llc Method and system for providing centralized notifications to an administrator
US9147162B2 (en) * 2012-03-15 2015-09-29 ThetaRay Ltd. Method for classification of newly arrived multidimensional data points in dynamic big data sets
US20130246325A1 (en) * 2012-03-15 2013-09-19 Amir Averbuch Method for classification of newly arrived multidimensional data points in dynamic big data sets
US20230004539A1 (en) * 2021-06-30 2023-01-05 Collibra Nv Systems and methods for continuous data profiling
US11782889B2 (en) * 2021-06-30 2023-10-10 Collibra Belgium Bv Systems and methods for continuous data profiling

Also Published As

Publication number Publication date
US7433960B1 (en) 2008-10-07

Similar Documents

Publication Publication Date Title
US7433960B1 (en) Systems, methods and computer products for profile based identity verification over the internet
US10841323B2 (en) Detecting robotic internet activity across domains utilizing one-class and domain adaptation machine-learning models
JP5913754B2 (en) Customized predictors of user behavior in online systems
Fang et al. Privacy wizards for social networking sites
US9264442B2 (en) Detecting anomalies in work practice data by combining multiple domains of information
US8380607B2 (en) Predicting economic trends via network communication mood tracking
US20160203316A1 (en) Activity model for detecting suspicious user activity
US20120311030A1 (en) Inferring User Interests Using Social Network Correlation and Attribute Correlation
US8392229B2 (en) Activity-centric granular application functionality
US20210073627A1 (en) Detection of machine learning model degradation
EP1509877A2 (en) Behavior-based adaptation of computer systems
CA3094542A1 (en) Management of programmatic and compliance workflows using robotic process automation
US10510014B2 (en) Escalation-compatible processing flows for anti-abuse infrastructures
Deligiannis et al. Designing a Real-Time Data-Driven Customer Churn Risk Indicator for Subscription Commerce.
US10291483B2 (en) Entity embedding-based anomaly detection for heterogeneous categorical events
Yang et al. Cyberattacks detection and analysis in a network log system using XGBoost with ELK stack
US20240020459A1 (en) Using machine learning to predict performance of secure documents
US11194969B2 (en) Managing dialog comments
RU2669172C2 (en) Method and monitoring system of web-site consistency
RU2745362C1 (en) System and method of generating individual content for service user
WO2020227525A1 (en) Visit prediction
US11140108B1 (en) Intelligent distribution of media data in a computing environment
CN101410835A (en) Client category configuration
Mahinda User evaluation of the performance of information systems

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE