Browse Prior Art Database

Method and Apparatus for Intentional Cognitive Engagement Extender

IP.com Disclosure Number: IPCOM000247821D
Publication Date: 2016-Oct-06
Document File: 3 page(s) / 41K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed are a method and apparatus that enable security threat detection and help thwart hack attempts by leveraging a cognitive decision engine, collecting more granular data by enabling lower level logs, and collecting more forensics data. The cognitive model is designed to continuously learn and refine future responses to suspicious user activity.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 3

Method and Apparatus for Intentional Cognitive Engagement Extender

Cognitive Entity (CE) models are enabled by Big Data and Machine Learning platforms and are designed to remember the past, interact with humans, develop the human-like capability to continuously learn, and refine responses for the future with increasing levels of prediction.

In the existing complex information technology (IT) systems landscape, it is very difficult for systems to detect suspicious or criminal activities (e.g., fraudulent attacks that take over a customer's account in a banking industry context). Financial institutions in particular put utmost priority on fraud detection and continuously evolve associated fraud management capabilities; however, the proliferation of digital- and Internet of Things (IoT)-led systems of engagement makes detection more difficult. This is a difficult problem due to the:


 Reduced ability to continuously prevent, monitor, and investigate IT crimes


 Lack of timely, actionable intelligence for enterprise-level command and control


 Limited capabilities to predict the velocity and veracity of such financial crime events

In reality, when humans sense a suspicious event or person, the following responses are common:


 Extend the conversation to understand and enable suitable direct or indirect actions


 Respond in a non-integral manner (intentionally)


 Not issue a response

The proposed novel method and apparatus define such capabilities in solutions. Such solutions can be rendered via multiple interfaces including robots, a text-based user interface (UI), or voice-based Interaction. The solution leverages cognitive capabilities to monitor, stretch, and collect more details during the suspect client interactions.

The system is comprised of a Cognitive Security Information Agent (CSIA) and a Cognitive Security Interaction Controller (CSIC). These components receive suspicious events and intentionally extend the response as follows:

1. Extend the transaction time (e.g., when user is operating on an automated teller machine (ATM))

2. Respond with a round-about route to reach the destination 3. Intentionally extend the conversation 4. Trigger more granular log collection and say forensic evidence depending upon the need

Figure: Subcomponent model

1


Page 02 of 3

The CSIC may be integrated with a Security Information and Event Management System (SIEM) such as IBM QRadar* or Suspect Event Listener* that listens to external and internal logs/feeds. When an SIEM identifies any suspect transaction or user, it can trigger the CSIC. The CSIC can be configured to continuously work for 24 hours a day, every day, or work during preset hours. For example, if a business' history shows that fraud transactions are high during a particular day or time, then...