Search

US-12627634-B2 - Systems and methods for artificial traffic detection

US12627634B2US 12627634 B2US12627634 B2US 12627634B2US-12627634-B2

Abstract

Systems and methods for analyzing communication traffic may include receiving message events, aggregating the message events to generate aggregated message events, receiving a destination address, performing traffic analysis for the destination address based on the aggregated message events, wherein the traffic analysis comprises determining an analyzer score for each of the message events associated with the destination address, calculating a risk score based on the analyzer score for each of the message events associated with the destination address; and performing a risk action for the destination address based on the risk score.

Inventors

  • Jasmina ŠESTAN
  • Timotej JARC
  • Dario Filipović

Assignees

  • Infobip Ltd.

Dates

Publication Date
20260512
Application Date
20230427

Claims (20)

  1. 1 . A method for analyzing traffic data, the method comprising: receiving message events; aggregating the message events to generate aggregated message events; receiving a destination address; performing traffic analysis for the destination address based on the aggregated message events, wherein the traffic analysis comprises determining, using an overall machine learning model, a respective analyzer score for each of the aggregated message events associated with the destination address, wherein the overall machine learning model is configured to output the respective analyzer score for each of the aggregated message events based on outputs of a plurality of criteria machine learning models; calculating a risk score based on the respective analyzer score for each of the aggregated message events associated with the destination address; performing a risk action for the destination address based on the risk score; receiving updated analyzer scores for one or more of the aggregated message events; calculating an updated risk score based on the updated analyzer scores, wherein calculating the updated risk score is triggered in response to receiving the updated analyzer scores for one or more of the aggregated message events; and providing the updated risk score via an application programming interface.
  2. 2 . The method of claim 1 , wherein the message events are received from a streaming system, and wherein the destination address represents a phone number.
  3. 3 . The method of claim 1 , wherein aggregating the message events comprises indexing the message events and storing the indexed message events at a database.
  4. 4 . The method of claim 1 , wherein aggregating the message events comprises associating at least a subset of the message events with a respective brand.
  5. 5 . The method of claim 1 , wherein performing the risk action comprises transmitting the risk score to a client.
  6. 6 . The method of claim 1 , wherein performing the risk action comprises automatically blocking a destination address based on the risk score exceeding a risk score threshold.
  7. 7 . The method of claim 1 , wherein performing the risk action comprises flagging a destination address for more frequent risk score calculation than a current frequency.
  8. 8 . A system comprising: a data storage device storing processor-readable instructions; and a processor operatively connected to the data storage device and configured to execute the instructions to perform operations that include: receiving message events; aggregating the message events to generate aggregated message events; receiving a destination address; performing traffic analysis for the destination address based on the aggregated message events, wherein the traffic analysis comprises determining, using an overall machine learning model, a respective analyzer score for each of the aggregated message events associated with the destination address, wherein the overall machine learning model is configured to output the respective analyzer score for each of the aggregated message events based on outputs of a plurality of criteria machine learning models; calculating a risk score based on the respective analyzer score for each of the aggregated message events associated with the destination address; performing a risk action for the destination address based on the risk score; receiving updated analyzer scores for one or more of the aggregated message events; calculating an updated risk score based on the updated analyzer scores, wherein calculating the updated risk score is triggered in response to receiving the updated analyzer scores for one or more of the aggregated message events; and providing the updated risk score via an application programming interface.
  9. 9 . The system of claim 8 , wherein the message events are received from a streaming system, and wherein the destination address represents a phone number.
  10. 10 . The system of claim 8 , wherein aggregating the message events comprises indexing the message events and storing the indexed message events at a database.
  11. 11 . The system of claim 8 , wherein aggregating the message events comprises associating at least a subset of the message events with a respective brand.
  12. 12 . The system of claim 8 , wherein performing the risk action comprises transmitting the risk score to a client.
  13. 13 . The system of claim 8 , wherein performing the risk action comprises automatically blocking a destination address based on the risk score exceeding a risk score threshold.
  14. 14 . A method for managing traffic data, the method comprising: receiving a request for a risk score for a destination address; identifying aggregated message events stored in a database and associated with the destination address; receiving a respective analyzer score for each of the aggregated message events, each respective analyzer score output by an overall machine learning model, the overall machine learning model outputting the analyzer scores based on outputs of a plurality of criteria machine learning models; calculating a risk score for the destination address based on the respective analyzer score for each of the aggregated message events; providing the risk score via an application programing interface (API); receiving updated analyzer scores for one or more of the aggregated message events; calculating an updated risk score based on the updated analyzer scores, wherein calculating the updated risk score is triggered in response to receiving the updated analyzer scores for one or more of the aggregated message events; and providing the updated risk score via the API.
  15. 15 . The method of claim 14 , wherein the plurality of criteria machine learning models are configured to generate a criteria machine learning output based on one or more of a traffic burst, a prefix range, a conversion information, a delivery rate, a message destination time clustering, a destination number of messages, a message frequency, a suspicious range, a destination type, a destination locale, a network anomaly, a brand interaction, a ported destination, an initiated message, or a client classification.
  16. 16 . The method of claim 14 , wherein one of the overall machine learning model or the plurality of criteria machine learning models is trained based on historical or simulated data.
  17. 17 . The method of claim 14 , wherein the request for a risk score is received via the API.
  18. 18 . The method of claim 14 , wherein the destination address represents a telephone number.
  19. 19 . A method for managing traffic data, the method comprising: receiving a request for a risk score for a destination address; identifying message events stored in a database and associated with the destination address; receiving analyzer scores for each of the message events, each analyzer score of the analyzer scores output by an overall machine learning model, the overall machine learning model outputting the analyzer scores based on outputs of a plurality of criteria machine learning models; calculating a risk score for the destination address based on the analyzer scores for each of the message events; providing the risk score via an application programming interface (API); receiving updated analyzer scores for one or more of the message events; calculating an updated risk score based on the updated analyzer scores, wherein calculating the updated risk score is triggered in response to receiving the updated analyzer scores for one or more of the message events; and providing the updated risk score via the API.
  20. 20 . The method of claim 19 , wherein the request for a risk score is received via the API.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application claims priority to U.S. Provisional Application No. 63/493,351 filed Mar. 31, 2023, the entire disclosure of which is hereby incorporated by reference in its entirety. TECHNICAL FIELD Various embodiments of the present disclosure relate generally to identifying risk associated with communication traffic and, more specifically, to determining risk scores for destination addresses (e.g., phone numbers). BACKGROUND Communication databases often include a large volume of recipient addresses (e.g., phone numbers) that can be added to the communication databases from various sources. Often, such recipient addresses include valid recipient addresses (e.g., corresponding to user devices) as well as artificial addresses (e.g., corresponding to non-user devices, to spoofed addresses, to fraudulent addresses, etc.). Transmitting communication to such artificial addresses can be resource intensive and/or can reduce a trust rating of an entity transmitting such messages. The background description provided herein is for the purpose of generally presenting the context of the disclosure. Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art, or suggestions of the prior art, by inclusion in this section. SUMMARY OF THE DISCLOSURE According to certain aspects of the disclosure, methods and systems are disclosed for identifying risk associated with communication traffic. In one aspect, an exemplary embodiment of a method for analyzing communication traffic may include receiving message events; aggregating the message events to generate aggregated message events; receiving a destination address; performing traffic analysis for the destination address based on the aggregated message events, wherein the traffic analysis comprises determining an analyzer score for each of the message events associated with the destination address; calculating a risk score based on the analyzer score for each of the message events associated with the destination address; and performing a risk action for the destination address based on the risk score. In another aspect, an exemplary embodiment of a system may include a data storage device storing processor-readable instructions and a processor operatively connected to the data storage device and configured to execute the instructions to perform operations that may include receiving message events; aggregating the message events to generate aggregated message events; receiving a destination address; performing traffic analysis for the destination address based on the aggregated message events, wherein the traffic analysis comprises determining an analyzer score for each of the message events associated with the destination address; calculating a risk score based on the analyzer score for each of the message events associated with the destination address; and performing a risk action for the destination address based on the risk score. In another aspect, an exemplary embodiment of a method for managing traffic may include receiving a request for a risk score for a destination address; identifying message events stored in a database and associated with the destination address; receiving analyzer scores for each of the message events, each analyzer score of the analyzer scores output by an overall machine learning model, the overall machine learning model outputting the analyzer scores based on outputs of a plurality of criteria machine learning models; calculating a risk score for the destination address based on the analyzer scores for each of the message events; and providing the risk score via an application programing interface (API). It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosed embodiments, as claimed. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate various exemplary embodiments and together with the description, serve to explain the principles of the disclosed embodiments. FIG. 1A depicts an exemplary system diagram for communication traffic analysis, according to one or more embodiments. FIG. 1B depicts another exemplary system diagram for communication traffic analysis, according to one or more embodiments. FIG. 2 depicts a system environment for communication traffic analysis, according to one or more embodiments. FIG. 3A depicts a flowchart for communication traffic analysis, according to one or more embodiments. FIG. 3B depicts a flowchart for managing traffic data, according to one or more embodiments. FIG. 4 depicts a flow diagram for training a machine learning model, according to one or more embodiments. FIG. 5 depicts an example of a computing system, according to one or more embodiments. DET