CPC H04L 63/1425 (2013.01) [G06F 16/2379 (2019.01); G06F 16/9024 (2019.01)] | 20 Claims |
1. A method for use in identifying suspicious network entity groups from a dataset of entity information in a multi-view graph, each node of the multi-view graph corresponding to a network entity identifier, each view of the multi-view graph corresponding to an attribute identifier, the method comprising:
selecting, by a processor, from the multi-view graph, a multi-view sub-graph corresponding to a subset of network entities and a subset of views;
updating, by the processor, the selected multi-view sub-graph by adding or subtracting at least one of an entity to the subset of network entities or a view to the subset of views;
determining, by the processor, a suspiciousness value for the updated multi-view subgraph; and
identifying, by the processor, the subset of network entities for the selected multi-view sub-graph as a suspicious network entity group if the suspiciousness value for the updated multi-view sub-graph does not exceed a previously determined suspiciousness value for the selected multi-view sub-graph.
|