US 12,438,896 B2
Method and system for detecting a cybersecurity breach
Cathal Smyth, Toronto (CA); Mahsa Golkar, Toronto (CA); James Ross, King City (CA); Sahar Rahmani, Toronto (CA); Vikash Yadav, Toronto (CA); Niloufar Afsariardchi, Montreal (CA); and Laureline Arnaud, Brossard (CA)
Assigned to Royal Bank of Canada, Toronto (CA)
Filed by Royal Bank of Canada, Toronto (CA)
Filed on Dec. 6, 2021, as Appl. No. 17/543,444.
Prior Publication US 2023/0179615 A1, Jun. 8, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 16/901 (2019.01); H04L 29/06 (2006.01)
CPC H04L 63/1425 (2013.01) [G06F 16/9024 (2019.01); H04L 63/1416 (2013.01)]
19 Claims
1. A method comprising:
(a) obtaining electronic account data representative of accounts, wherein a first group of the accounts comprises one or more of the accounts flagged as being associated with a cybersecurity breach, and a second group of the accounts comprises a remainder of the accounts;
(b) generating from the account data nodes representing the accounts and edges based on account metadata that connect the nodes, wherein the generating comprises:
generating the nodes and edges for the first group of the accounts;
identifying from the account data at least some of the second group of the accounts sharing metadata with the first group of the accounts;
adding to the nodes and edges for the first group of the accounts the nodes for at least some of the second group of the accounts that share metadata with the first group of the accounts; and
generating the edges connecting the nodes for the first group of the accounts to the nodes for at least some of the second group of the accounts;
(c) determining, based on the nodes and edges, a ranking of the accounts comprising part of the second group indicative of a likelihood that the accounts of the second group are also associated with the cybersecurity breach; and
(d) based on the ranking, identifying which of the accounts of the second group satisfy a cybersecurity breach threshold.
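Steps (a) through (d) of claim 1, as an added illustration that is not taken from the patent or from the assignee's implementation. The claim does not specify the ranking function or the threshold value, so the score used here (the number of metadata values shared with flagged accounts) and the threshold of 2 are assumptions; the account IDs and metadata values are constructed sample data.

```python
from collections import defaultdict

# (a) Constructed sample data: account id -> metadata values (device, IP, phone).
ACCOUNTS = {
    "A1": {"dev:d1", "ip:10.0.0.5"},
    "A2": {"dev:d2", "ip:10.0.0.9", "tel:555-0100"},
    "B1": {"dev:d1", "ip:10.0.0.5"},    # shares two values with A1
    "B2": {"tel:555-0100"},             # shares one value with A2
    "B3": {"dev:d1", "ip:10.0.0.9"},    # shares one value each with A1 and A2
    "B4": {"dev:d7", "ip:10.0.0.77"},   # shares nothing with the flagged group
}
FLAGGED = {"A1", "A2"}                  # first group: accounts flagged as breached


def build_graph(accounts, flagged):
    """(b) Start from the flagged nodes, then add unflagged accounts that
    share metadata with them and the edges that connect the two groups."""
    index = defaultdict(set)            # metadata value -> accounts carrying it
    for acct, meta in accounts.items():
        for value in meta:
            index[value].add(acct)
    nodes = set(flagged)
    edges = defaultdict(set)            # frozenset({a, b}) -> shared values
    for f in flagged:
        for value in accounts[f]:
            for other in index[value] - {f}:
                nodes.add(other)
                edges[frozenset((f, other))].add(value)
    return nodes, edges


def rank_unflagged(nodes, edges, flagged):
    """(c) Assumed score: count of metadata values shared with flagged accounts."""
    score = {n: 0 for n in nodes - flagged}
    for pair, shared in edges.items():
        for n in pair - flagged:        # flagged-to-flagged edges add nothing
            score[n] += len(shared)
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))


def over_threshold(ranking, threshold):
    """(d) Accounts of the second group whose score meets the threshold."""
    return [acct for acct, s in ranking if s >= threshold]


if __name__ == "__main__":
    nodes, edges = build_graph(ACCOUNTS, FLAGGED)
    ranking = rank_unflagged(nodes, edges, FLAGGED)
    print(ranking, over_threshold(ranking, 2))
```

Only accounts that share metadata with the flagged group enter the graph, so B4 is never scored.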