US-12626257-B2 - Intelligent technical protocol based approach leveraging AI-ML to block vishing scammers
Abstract
Systems and methods detect and prevent vishing attacks through an integrated framework combining SIP header customization, STIR/SHAKEN frameworks, AI/ML analysis, and real-time speech analysis using the Viterbi algorithm. The system begins with call initiation, embedding authentication information in the SIP header. The SIP data is transmitted and verified using STIR/SHAKEN frameworks, ensuring the authenticity of the caller's identity. Verified data is cross-referenced with third-party databases and analyzed by an AI/ML engine to detect anomalies. If potential fraud is detected, the call is blocked, and the customer is notified. Calls that pass initial checks are further analyzed using the Viterbi algorithm, which converts speech to text and identifies suspicious patterns. An anomaly pattern detector processes the converted text to detect vishing indicators, terminating the call if a match is found. This multi-layered approach ensures robust protection against vishing, enhancing the security and reliability of voice communications while safeguarding users from fraud.
Inventors
- Sivashalini Sivajothi
- Maneesh Kumar Sethia
- Boddu Vikas Teja
- Ankit Kumar Sahoo
Assignees
- BANK OF AMERICA CORPORATION
Dates
- Publication Date: 2026-05-12
- Application Date: 2024-07-03
Claims (20)
- 1. An information-security method for detecting and preventing vishing attacks, comprising the steps of:
  - initiating a call and sending a Session Initiation Protocol (SIP) invite from an originating service provider, wherein the SIP invite includes detailed authentication information in a SIP header comprising caller identity, caller location, and call initiation timestamp;
  - transmitting call data using a Secure Telephone Identity Revisited and Signature-based Handling of Asserted Information Using toKENS (STIR/SHAKEN) framework, which employs digital certificates to verify authenticity of a calling number, ensuring that a caller ID has not been spoofed;
  - receiving SIP data at a destination service provider and verifying the call data that has been transmitted using a verification service, which decodes the SIP header containing a JSON web token (JWT) with attestation details, origin and destination identifiers, and timestamps, to confirm validity of the calling number;
  - cross-referencing the SIP data as verified with a Caller Name (CNAM) database to retrieve additional caller identification information;
  - storing verified SIP data and CNAM information in a third-party database for further analysis, ensuring that all authentication and verification details are available for subsequent processing;
  - analyzing the SIP data and CNAM information using an artificial intelligence and machine learning (AI/ML) engine to detect anomalies comprising calls from blocked regions, abnormal call durations, and new calls from unusual locations, by comparing the SIP data against known patterns of legitimate and fraudulent calls;
  - blocking the call and notifying a customer if the AI/ML engine detects potential fraud based on the analysis of the SIP data and CNAM information, preventing the fraudulent call from reaching the customer;
  - allowing the call to proceed if the AI/ML engine is indecisive and performing real-time speech analysis using a Viterbi algorithm, which converts spoken language into text by determining a most probable sequence of states given a sequence of observed acoustic features, including phonemes and words;
  - processing converted text along with the SIP data and CNAM information using an anomaly pattern detector to identify vishing patterns comprising sudden spikes in call volume, typical vishing patterns, differences in voice signal ranges, and requests for sensitive information, by analyzing both linguistic content and call metadata;
  - terminating the call and informing the customer if the anomaly pattern detector identifies a match with known vishing patterns, thereby preventing continuation of the call and alerting the customer to an attempted scam; and
  - continuing to monitor and process the call if no suspicious patterns are detected, ensuring ongoing security by periodically re-evaluating the call data and updating the AI/ML engine with new information to adapt to evolving vishing tactics.
- 2. The information-security method of claim 1, wherein the detailed authentication information in the SIP header further includes full attestation, partial attestation, or gateway attestation based on a level of verification performed on the caller identity, with the full attestation indicating a highest level of confidence in the authenticity in the caller.
- 3. The information-security method of claim 2, wherein the STIR/SHAKEN framework uses public key cryptography to generate the digital certificates that are used to verify the authenticity of the calling number, ensuring that the calling number cannot be easily spoofed by malicious actors.
- 4. The information-security method of claim 3, wherein the verification service at the destination service provider utilizes a certificate repository to validate the digital certificates included in the SIP header, comparing the digital certificates against trusted sources to ensure validity.
- 5. The information-security method of claim 4, wherein the third-party database is a cloud-based application integrated with a telephone service provider to store detailed authentication and verification data for real-time and post-call analysis, enabling continuous monitoring and rapid response to detected anomalies.
- 6. The information-security method of claim 5, wherein the AI/ML engine continuously learns from new data and evolving threat patterns to improve accuracy in detecting anomalies, incorporating feedback from previously detected fraudulent calls to enhance predictive capabilities.
- 7. The information-security method of claim 6, wherein the Viterbi algorithm integrates acoustic models, language models, and pronunciation models to accurately transcribe and analyze speech in real-time, providing a detailed linguistic analysis that helps identify suspicious conversational patterns.
- 8. The information-security method of claim 7, wherein the anomaly pattern detector uses machine learning techniques to recognize known vishing patterns based on the text as converted and SIP data, identifying specific indicators of fraudulent activity comprising urgent requests for personal information or inconsistencies in speech of the caller.
- 9. The information-security method of claim 8, wherein the customer is notified of a potential fraud attempt through an alert message sent to a device upon call termination, including details of a detected threat and recommendations for further actions to protect information.
- 10. The information-security method of claim 9, wherein continuous monitoring and processing of the call involve periodic re-analysis of the call data to ensure ongoing security against vishing attacks, updating the AI/ML engine with latest threat intelligence and adapting to new scam tactics.
- 11. An information-security system for detecting and preventing vishing attacks, comprising:
  - an originating service provider configured to initiate a call and send a Session Initiation Protocol (SIP) invite, wherein the SIP invite includes detailed authentication information in a header comprising caller identity, caller location, and call initiation timestamp;
  - a Secure Telephone Identity Revisited and Signature-based Handling of Asserted Information Using toKENS (STIR/SHAKEN) framework integrated with the originating service provider, configured to transmit call data and employ digital certificates to verify authenticity of a calling number, ensuring that a caller ID has not been spoofed;
  - a destination service provider configured to receive SIP data and verify the call data that has been transmitted using a verification service, wherein the verification service decodes the SIP header containing a JSON web token (JWT) with attestation details, origin and destination identifiers, and timestamps to confirm validity of the calling number;
  - a Caller Name (CNAM) database configured to cross-reference the call data as verified and retrieve additional caller identification information;
  - a third-party database integrated with the destination service provider, configured to store verified SIP data and CNAM information for further analysis;
  - an artificial intelligence and machine learning (AI/ML) engine configured to analyze the SIP data and CNAM information to detect anomalies comprising calls from blocked regions, abnormal call durations, and new calls from unusual locations, by comparing the SIP data against known patterns of legitimate and fraudulent calls;
  - a call blocking module integrated with the AI/ML engine, configured to block the call and notify a customer if the AI/ML engine detects potential fraud based on the analysis of the SIP data and CNAM information;
  - a speech analysis module configured to allow the call to proceed if the AI/ML engine is indecisive, and perform real-time speech analysis using a Viterbi algorithm, which converts a spoken language into text by determining a most probable sequence of states given a sequence of observed acoustic features, including phonemes and words;
  - an anomaly pattern detector integrated with the speech analysis module, configured to process the text that was converted along with the SIP data and CNAM information to identify vishing patterns comprising sudden spikes in call volume, typical vishing patterns, differences in voice signal ranges, and requests for sensitive information, by analyzing both linguistic content and call metadata;
  - a call termination module configured to terminate the call and inform the customer if the anomaly pattern detector identifies a match with known vishing patterns, thereby preventing continuation of the call and alerting the customer to an attempted scam; and
  - a continuous monitoring module configured to monitor and process the call if no suspicious patterns are detected, ensuring ongoing security by periodically re-evaluating the call data and updating the AI/ML engine with new information to adapt to evolving vishing tactics.
- 12. The information-security system of claim 11, wherein the detailed authentication information in the SIP header further includes full attestation, partial attestation, or gateway attestation based on a level of verification performed on the caller identity, with the full attestation indicating a highest level of confidence in the authenticity of the caller.
- 13. The information-security system of claim 12, wherein the STIR/SHAKEN framework uses public key cryptography to generate the digital certificates that are used to verify the authenticity of the calling number, ensuring that the calling number cannot be easily spoofed by malicious actors.
- 14. The information-security system of claim 13, wherein the verification service at the destination service provider utilizes a certificate repository to validate the digital certificates included in the SIP header, comparing the digital certificates against trusted sources to ensure validity.
- 15. The information-security system of claim 14, wherein the third-party database is a cloud-based application integrated with a telephone service provider to store detailed authentication and verification data for real-time and post-call analysis, enabling continuous monitoring and rapid response to detected anomalies.
- 16. The information-security system of claim 15, wherein the AI/ML engine continuously learns from new data and evolving threat patterns to improve accuracy in detecting anomalies, incorporating feedback from previously detected fraudulent calls to enhance predictive capabilities.
- 17. The information-security system of claim 16, wherein the Viterbi algorithm integrates acoustic models, language models, and pronunciation models to accurately transcribe and analyze speech in real-time, providing a detailed linguistic analysis that helps identify suspicious conversational patterns.
- 18. The information-security system of claim 17, wherein the anomaly pattern detector uses machine learning techniques to recognize known vishing patterns based on the text that was converted and SIP data, identifying specific indicators of fraudulent activity comprising urgent requests for personal information or inconsistencies in speech of the caller.
- 19. The information-security system of claim 18, wherein the customer is notified of a potential fraud attempt through an alert message sent to device upon call termination, including details of a detected threat and recommendations for further actions to protect information.
- 20. An information-security method for detecting and preventing vishing attacks, comprising the steps of:
  - initiating a call and sending a Session Initiation Protocol (SIP) invite from an originating service provider, wherein the SIP invite includes detailed authentication information in a SIP header;
  - transmitting call data using a Secure Telephone Identity Revisited and Signature-based Handling of Asserted Information Using toKENS (STIR/SHAKEN) framework, which employs digital certificates to verify authenticity of a calling number;
  - receiving SIP data at a destination service provider and verifying the call data that has been transmitted using a verification service, which decodes the SIP header containing a JSON web token (JWT) with attestation details;
  - storing the SIP data as verified in a third-party database for further analysis;
  - analyzing the SIP data using an artificial intelligence and machine learning (AI/ML) engine to detect anomalies comprising calls from blocked regions, abnormal call durations, and new calls from unusual locations;
  - blocking the call and notifying a customer if the AI/ML engine detects potential fraud;
  - allowing the call to proceed if the AI/ML engine is indecisive and performing real-time speech analysis using a Viterbi algorithm, which converts a spoken language into text;
  - processing the text as converted along with the SIP data using an anomaly pattern detector to identify vishing patterns comprising sudden spikes in call volume, typical vishing patterns, differences in voice signal ranges, and requests for sensitive information;
  - terminating the call and informing the customer if the anomaly pattern detector identifies a match with known vishing patterns; and
  - continuing to monitor and process the call if no suspicious patterns are detected, ensuring ongoing security.
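The verification step recited in claims 1, 11 and 20 (decoding the JWT carried in the SIP header and checking attestation, origin and destination identifiers, and timestamps), sketched as an added example that is not code from the patent. The claim names (`attest`, `orig`, `dest`, `iat`, `origid`, `x5u`) and the A/B/C codes for full, partial and gateway attestation come from the PASSporT specifications (RFC 8225, RFC 8588), not from this page; the 60-second freshness window, the phone numbers and the certificate URL are constructed assumptions, and signature verification against the certificate is assumed to have been done beforehand.

```python
import base64
import json

ATTEST_LEVELS = {"A": "full", "B": "partial", "C": "gateway"}
MAX_AGE_S = 60  # assumed freshness policy for the "iat" claim, in seconds


def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def parse_identity(header_value):
    """Split a SIP Identity header value into PASSporT header and claims."""
    token = header_value.strip().split(";", 1)[0].strip()
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("PASSporT needs three non-empty segments")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def check_claims(header_value, from_tn, to_tn, now):
    """Return (attestation level, list of problems). Run only after the
    signature has been verified against the certificate; that step is not shown."""
    hdr, claims = parse_identity(header_value)
    problems = []
    if hdr.get("alg") != "ES256" or hdr.get("ppt") != "shaken":
        problems.append("unexpected alg/ppt")
    level = ATTEST_LEVELS.get(claims.get("attest"))
    if level is None:
        problems.append("missing or unknown attest")
    orig, dest = claims.get("orig"), claims.get("dest")
    if not isinstance(orig, dict) or orig.get("tn") != from_tn:
        problems.append("orig.tn differs from SIP From number")
    if not isinstance(dest, dict) or to_tn not in (dest.get("tn") or []):
        problems.append("dest.tn lacks SIP To number")
    iat = claims.get("iat")
    if not isinstance(iat, int) or abs(now - iat) > MAX_AGE_S:
        problems.append("iat outside freshness window")
    return level, problems


def make_sample(attest, orig_tn, dest_tn, iat):
    """Constructed Identity header value; the signature segment is a dummy."""
    hdr = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
           "x5u": "https://cert.example.org/passport.cer"}
    claims = {"attest": attest, "dest": {"tn": [dest_tn]}, "iat": iat,
              "orig": {"tn": orig_tn},
              "origid": "00000000-0000-4000-8000-000000000000"}
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return (f"{enc(hdr)}.{enc(claims)}.{b64url_encode(b'dummy-signature')}"
            ";info=<https://cert.example.org/passport.cer>;alg=ES256;ppt=shaken")


if __name__ == "__main__":
    NOW = 1720000000  # constructed timestamp
    ok = make_sample("A", "12025550100", "12025550199", NOW - 5)
    print(check_claims(ok, "12025550100", "12025550199", NOW))
    print(check_claims(ok, "12025550123", "12025550199", NOW))
```

A non-empty problem list is the kind of signal that would be stored with the verified SIP data and passed to the later analysis stages the claims describe.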
Description
TECHNICAL FIELD

The invention pertains to information security, specifically focusing on the prevention and management of unauthorized data access and fraudulent activities through telecommunications systems, including systems and methods for protecting against the unauthorized access of data or resources and securing communication channels. This invention addresses these issues by utilizing an advanced artificial intelligence and machine learning framework to analyze and authenticate the identity and intentions of callers in real-time. By integrating with telecommunications technologies such as Session Initiation Protocol (SIP) and leveraging security protocols like STIR/SHAKEN for digital validation of call origins, the invention provides a robust solution to detect, prevent, and block voice phishing (vishing) attempts. This proactive approach ensures the security of sensitive personal and financial information against fraudulent activities conducted via phone calls, thereby enhancing the overall integrity and security of telecommunication practices.

DESCRIPTION OF THE RELATED ART

Vishing, or voice phishing, has become a significant threat in the digital era, particularly in the financial sector. This form of scam involves fraudsters posing as legitimate entities to extract sensitive information from unsuspecting victims over phone calls. These scammers are adept at attacking the anonymity afforded by telecommunications technologies, such as Voice over Internet Protocol (VoIP), to mask their true identities and locations. Their strategies often involve inducing a false sense of urgency or employing subtle threats, compelling individuals to divulge personal data, which can lead to significant financial losses and breaches of privacy.

The tactics used by vishing perpetrators have evolved to become highly sophisticated. They often begin their scams by establishing trust, using personal information sourced from the dark web or other illicit channels to sound convincing. By appearing credible, they manipulate victims into sharing confidential information like social security numbers, bank account details, and passwords. This information is then used for fraudulent activities, leading to financial attacks on the victims.

Current technological measures to combat vishing are insufficient. Traditional security systems and caller identification technologies often fail to detect or block these fraudulent calls effectively. This inadequacy leaves consumers vulnerable to scams, resulting in continuous financial losses and a significant breach of personal security. The limitations of existing solutions highlight the need for a more robust mechanism that can adapt to the evolving tactics of scammers.

One of the major challenges in tackling vishing is the use of VoIP systems by scammers, which allow them to make calls inexpensively from anywhere in the world, often completely bypassing conventional monitoring and tracking systems. These systems enable scammers to present any chosen phone number on the recipient's caller ID, making fraudulent calls appear as though they are coming from a trusted source such as a bank, a credit card company, or a government institution.

The complexity of the telecommunications infrastructure further complicates the issue. Calls can pass through multiple networks and service providers before reaching their final destination, making it difficult to trace the origin and verify the authenticity of a call. This lack of transparency in the call's provenance is a critical gap that scammers target to their advantage.

Moreover, the reactive nature of current anti-vishing systems means that they often only identify and block known scam numbers after fraud has been reported. This method is inherently flawed as it fails to prevent the initial wave of scams from new or previously unreported numbers, thereby allowing significant damage before any protective action can be taken.

Another limitation is the lack of integration between different anti-fraud systems and telecommunications technologies. Current solutions do not adequately share information about emerging threats or suspicious patterns, which reduces the overall effectiveness of the anti-vishing measures. This lack of coordinated defense makes it easier for scammers to modify their strategies and continue targeting victims.

Furthermore, many existing systems rely heavily on user awareness and the ability to recognize fraudulent calls, which is not always feasible. Individuals vary greatly in their ability to detect scams, and fraudsters continuously refine their techniques to sound more convincing. This reliance on user vigilance places undue burden on the public and is not a sustainable or foolproof solution to the problem of vishing.

Finally, the long-felt need to address these vulnerabilities has led to a demand for a solution capable of proactively identifying and blocking fraudulent calls before they reach potential victims. Such a system