US 11,750,638 B2
Server-based anomaly and security threat detection in multiple ATMs
Shailendra Singh, Thane West (IN)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Apr. 5, 2021, as Appl. No. 17/221,870.
Prior Publication US 2022/0321591 A1, Oct. 6, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06Q 20/38 (2012.01)
CPC H04L 63/1433 (2013.01) [G06Q 20/382 (2013.01); H04L 63/1466 (2013.01)]
20 Claims
1. A system for detecting anomalies in Automated Teller Machines (ATMs), comprising:
a memory operable to store a plurality of baseline features associated with a plurality of ATMs, wherein:
each set of baseline features from the plurality of baseline features is associated with a particular ATM;
each set of baseline features represents a unique electrical signature of electrical components of a particular ATM when the particular ATM is initiated to operate;
the unique electrical signature of the electrical components comprises at least one of expected electrical signal patterns communicated between the electrical components and expected electromagnetic radiation patterns propagated from the electrical components;
the plurality of baseline features comprises:
a first set of baseline features associated with a first ATM; and
a second set of baseline features associated with a second ATM;
a processor, operably coupled with the memory, configured to:
receive a first set of signals from the first ATM, wherein the first set of signals comprises:
intercommunication signals between electrical components of the first ATM; and
expected serial numbers associated with the electrical components of the first ATM;
extract a first set of test features from the first set of signals, wherein the first set of test features indicates a test profile of the electrical components of the first ATM while the first ATM is in operation and an unverified serial number associated with a particular component from among the electrical components of the first ATM;
compare the first set of test features with the first set of baseline features;
determine whether there is a deviation between the first set of test features and the first set of baseline features, wherein determining whether there is the deviation between the first set of test features and the first set of baseline features comprises:
determine that the unverified serial number differs from the expected serial numbers;
determine whether more than a threshold percentage of test features from the first set of test features are not within a threshold range from corresponding baseline features from the first set of baseline features;
in response to determining that the unverified serial number differs from the expected serial numbers and that the deviation between the first set of test features and the first set of baseline features;
determine that the particular component is an unverified component;
determine that the first ATM is associated with a particular anomaly, wherein:
determining that the first ATM is associated with the particular anomaly comprises detecting an unexpected fluctuation in the electrical signal patterns and the electromagnetic radiation patterns in the first set of test features associated with the unverified electrical component with respect to the expected electrical signal patterns and the expected electromagnetic signal patterns in the first set of baseline features; and
the particular anomaly is associated with a security vulnerability making the first ATM vulnerable to unauthorized access;
receive a second set of signals from the second ATM, wherein the second set of signals comprises intercommunication signals between electrical components of the second ATM;
extract a second set of test features from the second set of signals, wherein the second set of test features indicates a profile of the electrical components of the second ATM while the second ATM is in operation;
compare the second set of test features with the second set of baseline features;
based at least in part on comparing the second set of test features with the second set of baseline features, determine whether the deviation detected in the first ATM is detected in the second ATM; and
in response to determining that the deviation is detected in the second ATM, determine that the second ATM is associated with the particular anomaly.
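The comparison logic recited in claim 1, sketched as an added example that is not taken from the patent or from any Bank of America implementation. The feature names, serial numbers, the 10% range, the 20% threshold percentage and the rule used to decide that the second ATM shows "the same" deviation (it deviates and shares at least one out-of-range feature with the first ATM) are all assumptions made for illustration.

```python
# Added illustration; names, thresholds and sample values are constructed.
REL_RANGE = 0.10     # assumed "threshold range": +/-10% of the baseline value
MAX_FRACTION = 0.20  # assumed "threshold percentage" of out-of-range features

def deviating_features(test, baseline):
    """Return names of baseline features whose test value is missing or out of range."""
    if not baseline:
        raise ValueError("baseline feature set is empty")
    return {name for name, expected in baseline.items()
            if name not in test
            or abs(test[name] - expected) > REL_RANGE * abs(expected)}

def has_deviation(test, baseline):
    """True when more than MAX_FRACTION of the features fall outside their range."""
    out = deviating_features(test, baseline)
    return len(out) / len(baseline) > MAX_FRACTION, out

def check_first_atm(test, reported_serials, baseline, expected_serials):
    """Anomaly requires both an unexpected serial number and a feature deviation."""
    unverified = set(reported_serials) - set(expected_serials)
    deviated, out = has_deviation(test, baseline)
    return bool(unverified) and deviated, unverified, out

def deviation_seen_in(test, baseline, first_atm_features):
    """Assumed matching rule: second ATM deviates and shares a deviating feature."""
    deviated, out = has_deviation(test, baseline)
    return deviated and bool(out & first_atm_features)

# Constructed baselines (captured at start-up) and in-operation test profiles.
ATM1_BASE = {"bus_mv": 3300, "bus_khz": 400, "em_peak_dbm": -62, "reader_ma": 120, "dispenser_ma": 450}
ATM1_TEST = {"bus_mv": 3310, "bus_khz": 400, "em_peak_dbm": -48, "reader_ma": 165, "dispenser_ma": 452}
ATM2_BASE = {"bus_mv": 3290, "bus_khz": 400, "em_peak_dbm": -60, "reader_ma": 118, "dispenser_ma": 455}
ATM2_TEST = {"bus_mv": 3295, "bus_khz": 401, "em_peak_dbm": -47, "reader_ma": 160, "dispenser_ma": 451}
ATM2_CLEAN = {"bus_mv": 3295, "bus_khz": 401, "em_peak_dbm": -61, "reader_ma": 119, "dispenser_ma": 451}

if __name__ == "__main__":
    anomaly, unverified, out = check_first_atm(
        ATM1_TEST, {"CR-9999", "DP-2001"}, ATM1_BASE, {"CR-1001", "DP-2001"})
    print("ATM1 anomaly:", anomaly, sorted(unverified), sorted(out))
    print("ATM2 affected:", deviation_seen_in(ATM2_TEST, ATM2_BASE, out))
    print("ATM2 clean:", deviation_seen_in(ATM2_CLEAN, ATM2_BASE, out))
```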