RU2656583C1 - System of automated analysis of the facts - Google Patents

Abstract

FIELD: calculating; counting.

SUBSTANCE: invention relates to a system for verifying and analysing of social media user behavioural actions. System contains a common data bus module for social media input data receiving, an identification module for the type of event made by the user, a module for the user identifying and the data they entered, a module for the identification of information associated with the data entered by the user, depending on the type of event, a module for identification of information about the user's skills in the user-entered data and information associated with the user-entered data, a user profile module that associates information characterizing the user's skills with the profile of the identified user, an information processing module configured to, based on user input, information associated with user inputted data, user profile information that identifies the user, his skills, prescribe a certain level of threat to user actions, a displaying information module to display user profiles and their threat level.

EFFECT: technical result is an increase in the effectiveness of automated detection of behavioural risks of users of social media.

4 cl, 1 dwg

Description

FIELD OF TECHNOLOGY

The invention relates to information security technologies, which allows you to track the activity of company employees in social networks, forums, blogs, etc. outside the company's security perimeter and analyze the data obtained to prevent potential threats.

BACKGROUND

The closest analogue to the claimed solution is a system for monitoring user activity in a social network, taking into account pre-established monitoring criteria, described in US 2011113096 A1, publ. 05/12/2011. This system analyzes the content left by the user on his page, and if the content of the content is similar to the content of predetermined monitoring criteria, then the level of threat that is assigned to the user is determined.

A disadvantage of the known analogue is its low efficiency in providing security and identifying the threat level from the user due to the limited capabilities of the system, for example, the lack of the ability to analyze content taking into account information about the skills a user has, the ability to create conditions for matching with pre-established monitoring criteria, etc.

SUMMARY OF THE INVENTION

An object of the invention is to create a system of automated analysis of facts, which provides verification and analysis of the behavioral risks of users of social media, with flexible configuration of monitoring criteria and increased detection efficiency of threats emanating from the actions of employees in social media.

The technical result is to increase the efficiency of automated detection of behavioral risks of social media users by additional analysis of the information associated with the data entered by the user, taking into account the identified skills of the user.

To achieve this technical result, the system for verifying and analyzing the behavioral risks of users in social media contains:

module for receiving input data from social media;

a module for identifying the type of at least one event committed by at least one social media user;

a module for identifying at least one user and user-entered data, depending on the type of committed event;

a module for identifying information in the received input data associated with user-entered data, depending on the type of at least one event;

a module for identifying information characterizing user skills in user-entered data and in information associated with user-entered data for identifying information characterizing user skills;

a user profile module associating information characterizing a user's skills with an identified user profile containing information identifying a user and his skills;

an information processing module configured to, based on user input, information associated with user input, user profile information identifying the user, his skills, attribute a certain threat level to user actions;

information display module for displaying user profiles and their threat level.

Additionally, the information processing module may prescribe users a certain level of threat based on the absence of at least one user action on social media for a given period of time.

BRIEF DESCRIPTION OF THE DRAWINGS

For a better understanding of the essence of the invention and to more clearly show how it can be implemented, hereinafter, reference will be made, only as an example, to the accompanying drawings, on which:

FIG. 1 is a simplified diagram of a system 100 for verifying and analyzing the behavioral risks of users in social media.

DETAILED DESCRIPTION OF THE INVENTION

An example of the operation of the inventive system will now be described in detail with reference to FIG. 1, which presents a simplified diagram of a system 100 for verifying and analyzing the behavioral risks of users in social media.

The operation of the presented system 100 begins at the stage when information collected by various social media tracking and monitoring systems is received to the input module 1 from social media. The input data receiving module 1, in a particular embodiment, can be implemented on the basis of a server associated with social media tracking and monitoring systems that are associated with at least one social network server and / or systems based on a local and / or global network . Means and methods for implementing social media tracking and monitoring systems are widely known in the art and are further disclosed in the solution described in US 2011113096 A1, which is the closest analogue, and will not be described in more detail in this application.

These social media tracking and monitoring systems track the actions of users on social media, such as in contact, facebook, Instagram, twitter or classmates, etc., and collect information about user preferences (likes), individual messages on the forum or blog ( post), user-copied posts on his page (reposts), comments, search queries and account data. When tracking user actions, it also analyzes whether the action contains text elements. The user’s action, in a particular case, is to enter the text of the record that he is going to publish on social media, or the text added when sharing (sharing) someone else’s post, or the text of the comment, or the text of the document or resource to which the link is given, or expression of sympathy in the form of a mark “I like”, or entering a search query, etc.

The received information from social media to the input data receiving module 1 is further analyzed by the module to identify the type of at least one event 2 committed by at least one social media user. This module identifies whether an event committed on social media is, for example, a user posting a new post and / or document on a user’s page, in a user group or on any forum, posting comment text, and copying any post to his page (i.e. E. repost), etc. In this case, an event is understood as any change related to data entry made on social media, and by the type of event is an action that was perfect for the change (event) to take place. In particular, the type of event can be determined by the nature of the input data characteristic of the event, known in the prior art by methods described, for example, including in the document US 2011113096 A1.

Information from social media is also analyzed for the presence of data entered by at least one user in accordance with the type of a perfect event by means of an identification module of at least one user and data entered by a user 3 that initiated at least one event committed on a social network. For example, if the identification module of the type of at least one event 2 determines that the type of event is the placement of a comment or copying an entry on a user’s page, then the identification module of at least one user and the data entered by user 3 identifies the user who posted the comment or copied records (for example, repost), and also identifies the text that the user entered when posting a comment or when copying the mentioned record.

Similarly, the identification module of at least one user and the data entered by the user 3 identifies the user and the data entered by him, if the user noted on the page of another user any entry or comment - “I like” or entered a search query into any search engine. In this example, in accordance with a certain type of event, the user data entered will be information about the “I like” mark for the record or comment, or information of the search query.

Next, the information identification module associated with the user input 4, identifies information in the received input data associated with the user input, depending on the type of at least one event. If, for example, the type of event is to post a comment on a post on social media or copy this post to a page (repost), then the information associated with the data entered by the user will be the post text and the text in the title of the topic in which the post was posted. Also, the information associated with the data entered by the user may be the text of the comment of another user to whom the left comment is addressed, or the comments left by other users to the record that the user copied to his page. Accordingly, in the case when the event is the mark of the record “I like”, then the data associated with the data entered by the user will be the text of the record, including the names of the topic and user groups where this record is located. For an event such as the introduction of a search query, the data associated with the data entered by the user will be the results returned by the search query. The specified module also identifies the Internet resources viewed by the user by a search query and links to third-party resources that contain the viewed Internet resources.

Based on the data entered by the user and information associated with the data entered by the user, the information identification module 5 characterizing the user's skills, using linguistic analysis methods, identifies information characterizing the user's skills, and the user profile module 6 associates the identified information with the profile of the identified user. For example, if the user in the text of the commentary on the entry indicated that he has knowledge of a particular foreign language, then the module for identifying information 5 characterizing the user's skills, by means of linguistic analysis of the text, reveals this fact, and also determines what specific language the user possesses if the user text entered indicates a specific foreign language. Thus, the information identification module 5 characterizing the user's skills identifies any data on the skills with which the user associates himself in the posts, comments or comments on social media.

Accordingly, the user profile module 6 adds information to the user profile identified by the identification module of at least one user and user input 3, that the user has knowledge of a particular foreign language. User profiles are stored in a database of user profiles whose behavioral actions need to be monitored, and include user identification data, including geographic location, and information identifying the user, his interests and skills, for example, hobbies, knowledge of languages, professional skills, etc. . Information identifying the user in the user profile can also be entered manually before starting to monitor user behavior in social media and automatically supplemented by the claimed system using information, for example, placed in the profile of the social media user page. The user profile database may be part of the user profile module 6 or may be a separate element connected to a common data bus.

Information about the data entered by the user and information associated with the data entered by the user is supplied to the information processing module 7, which linguistically processes the received data and prescribes a certain level of threat to the user's behavioral action, for example, based on the coincidence of characters, words or a set of words contained in user-entered data, and in information associated with user-entered data. The set of conditions on the basis of which the information processing module 7 prescribes a certain level of threat to the user's behavioral action, is usually determined by the person interested in verifying the users, and can determine, for example, the conditions for the user to use specific characters, words or a set of words, or the user's transition to specific links to Internet resources or links to Internet resources containing symbols, words, a set of words, or links to other Internet resources specified by a set of conditions.

In an alternative implementation of the claimed solution, the set of conditions may also determine the conditions for the use of words or a set of words, or a set of characters in user-entered data or a user’s link to specific Internet resources depending on data associated with user-entered data, for example, conditions of use the user of a specific word or set of words in a specific topic containing a specific link or following a link to Internet resources containing the mentioned words or word collection, or character set. To ensure this task, the information processing module 7 is configured in such a way as to prescribe a certain level of threat to the actions of the user based on the data entered by the user depending on the information contained in the data associated with the data entered by the user.

When comparing words and a set of words with a predefined set of conditions, the information processing module 7 also takes into account user profile information and information about user skills. For example, the information processing module 7 compares the coincidence of the user's geographical location and his skills specified in the user's profile with a set of conditions when analyzing words and a set of words. For example, if a user has copied to his social media profile page a record whose linguistic processing has shown that this record of a future event on a specific topic in a foreign language and the geographical location of the event coincides with the geographical location specified in the user’s profile, moreover, the user’s profile also indicates that the user owns knowledge of this foreign language, then this user’s action to copy the record to th page will be prescribed by the level of threat, if a set of conditions defines the required level of threat in the case referred matches. In this example, the threat level can be assigned due to the fact that attending this event will be undesirable for a person or company initiating a check of the behavioral actions of users of this user. Also, an additional level of threat can be prescribed to the user on the basis of a linguistic analysis of the text of the record of a future event on a specific topic, taking into account a given set of conditions.

In another example implementation of the claimed solution, the identification module of the type of at least one event 2 determines the type of event - input user search query in the search system. Accordingly, the identification module of at least one user and user-entered data 3 identifies the user who entered the given search query and the terms contained in the search query, and the information identification module 4 associated with the user-entered data identifies links to Internet resources, that are issued for this search query, as well as information contained in these Internet resources.

Thus, the information processing module 7 carries out linguistic processing of the text contained in the mentioned Internet resources and the terms of the user search query, taking into account the information specified in the user profile to determine the level of threat. For example, if the information in the user’s profile indicates that the user initiating the search query has knowledge and skills in the field of chemistry, and the linguistic analysis performed indicates that the terms of the search query and information on the Internet resources issued for this search query character for the topic that describes the means and methods of creating prohibited substances, the information processing module 7 assigns this user a certain level of threat in accordance with the specified coincidence eniyami. As in the previous examples, these coincidences are determined by a set of conditions with which the information processing module 7 performs comparisons.

The information processing module 7 is also configured to instruct users a certain level of threat based on the lack of user actions in a given period of time, for example, the user has stopped accessing social media or leaving comments in the entries of specific groups. To ensure this task, the identification module 3 of at least one user and the data entered by the user, depending on the type of perfect event, additionally determines the time when this type of event took place. Subsequently, the time when the type of event took place is also entered into the user profile by the user profile module 6 and compared by the information processing module 7 with a set of conditions in which it is further determined to prescribe the threat level in the absence of a predetermined at least one user action for a given time . The set time is also set by the person implementing the set of conditions.

The threat level, in a particular case, may call to pay attention to the message or to the employee and may include categories: informative level, warning level or critical level. Additionally, in a set of conditions, conditions can be implemented in such a way as to ensure tracking in social media users if:

пользователь пишет оригинальные записи в социальных медиа на определенную тему;

the user writes original social media posts on a specific topic;

пользователь активно реагирует на определенную тему: сотрудник комментирует, «лайкает» или «расшаривает» запись (пост), принадлежащую определенной теме;

the user actively responds to a specific topic: the employee comments, “likes” or “shares” a post (post) that belongs to a specific topic;

пользователь ссылается на тему: ссылка внутри записи (поста) или комментария сотрудника ведет на ресурс или документ определенной тематики;

the user refers to the topic: the link inside the post (post) or employee’s comment leads to a resource or document of a certain subject;

пользователь ссылается на сайт из группы: ссылка внутри поста или комментария сотрудника ведет на ресурс, входящий в определенную группу сайтов;

the user refers to a site from a group: a link inside an employee’s post or comment leads to a resource belonging to a specific group of sites;

пользователь реагирует на пост аккаунта из группы: сотрудник комментирует, «лайкает» или «репостит» посты автора из определенной группы авторов.

the user responds to the post of an account from the group: the employee comments, “likes” or “reposts” the posts of the author from a certain group of authors.

The presented modules are made in the form of firmware, implemented on the basis of microprocessors, and could be implemented on the basis of a single computing device, such as a computer.

User profiles and their threat levels can be displayed on the information display module 8, made in the form of a user interface of a computing device. The user interface may include the following tabs for display:

- the “Events” tab, which displays the actions of users whose social network accounts are added to monitoring: their posts, comments on other people's posts, “I like” tags (likes) and reposts;

- the tab "Employees", showing the authors of the above actions, and they can be combined into groups, for example, by dividing by units within the company;

- “Overview” tab, showing activity graphs of selected employees with selected parameters.

The user interface also provides the following filtering options:

- search by keyword: only posts and comments containing words from the query remain;

- period: you can set the time for publication of a message, writing a comment or repost, moreover, a day, week, month, or an arbitrary period of time can be selected as a period;

- departments: you can select a specific group of employees or people whose actions you want to track;

- employees: shows the actions of only selected employees;

- platforms: allows you to track the actions of employees only on selected platforms, in particular: VKontakte, facebook, Instagram, twitter and classmates;

- threats: allows you to select messages with a specific threat level:

informative level (info), warning level (warning) or critical level (critical);

- rules: allows you to select messages that obey certain rules, which are registered separately;

- actions: allows you to select individual actions of employees, available actions: post, comment, like, share;

- post categories: allows you to select posts on a specific topic;

- post geography: allows you to select posts published in specific places;

- links: allows you to select messages with or without links;

- link site: allows you to select posts with links to a specific site;

- link category: allows you to select posts with a link to a site containing messages on a specific topic;

- link geography: allows you to specify the geography of the author, post or site to which they link.

Thus, by analyzing the information associated with the data entered by the user, taking into account the identified skills of the user, the efficiency of automated identification of the behavioral risks of social media users is increased.

Claims (12)

1. A system for verifying and analyzing the behavioral actions of users in social media, containing connected by a common data bus: module for receiving input data from social media; a module for identifying the type of at least one event committed by at least one social media user; a module for identifying at least one user and user-entered data, depending on the type of committed event; a module for identifying information associated with user-entered data in the received input data depending on the type of at least one event; a module for identifying information characterizing user skills in user-entered data and in information associated with user-entered data for identifying information characterizing user skills; a user profile module associating information characterizing a user's skills with an identified user profile containing information identifying a user and his skills; an information processing module configured, based on user input, information associated with user input, user profile information identifying the user, his skills, to prescribe a certain threat level to user actions; information display module for displaying user profiles and their threat level. 2. The system according to claim 1, characterized in that the information processing module prescribes a certain level of threat to the actions of the user on the basis of symbols, words or a set of words used by the user in the text, or the user's click on specific links to Internet resources. 3. The system according to claim 1, characterized in that the information processing module prescribes a certain level of threat to the actions of the user based on the data entered by the user depending on the information contained in the data associated with the data entered by the user. 4. The system according to claim 1, characterized in that the information processing module is further configured to instruct users a certain level of threat based on the absence of at least one user action on social media for a given period of time.

Images