Patent attributes
A computerized method for detecting premium attacks by an attack classification system is described. Based on received analytic information, the attack classification system generates logical representations for different portions of the analytic information represented as a nodal graph. The logical representations include objects, properties, and relationships between the objects and the properties. The attack classification system filters at least one relationship from the relationships and forms a first cluster further filtering the relationships. Being a logical representation of objects, properties and the remaining relationships, the first cluster is analyzed to determine features and introduce the features into the nodal graph. An analysis of the features determines whether the objects, properties and relationships forming the first cluster are associated with a premium attack by at least applying rule-based constraints to the features of the first cluster to determine whether they correspond to cluster features commonly present in premium attacks.
