-
Publication number: US20240291834A1
Publication date: 2024-08-29
Application number: US18617282
Application date: 2024-03-26
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar, Jeshua Alexis Bratman, Dmitry Chechik, Abhijit Bagri, Evan Reiser, Sanny Xiao Lang Liao, Yu Zhou Lee, Carlos Daniel Gasperi, Kevin Lau, Kai Jing Jiang, Su Li Debbie Tan, Jeremy Kao, Cheng-Lin Yeh
IPC: H04L9/40, G06F16/951, G06F16/955, G06F16/958, G06N20/00, G06Q10/107
CPC classification number: H04L63/1416, G06F16/951, G06F16/9558, G06F16/986, G06N20/00, G06Q10/107, H04L63/1483
Abstract: Access to emails delivered to an employee of an enterprise is received. An incoming email addressed to the employee is acquired. A primary attribute is extracted from the incoming email by parsing at least one of: (1) content of the incoming email or (2) metadata associated with the incoming email. It is determined whether the incoming email deviates from past email activity, at least in part by determining, as a secondary attribute, a mismatch between a previous value for the primary attribute and a current value for the primary attribute, using a communication profile associated with the employee, and providing a measured deviation to at least one machine learning model.
-
Publication number: US20240289449A1
Publication date: 2024-08-29
Application number: US18620303
Application date: 2024-03-28
Applicant: Abnormal Security Corporation
Inventor: Lei Xu, Jeshua Alexis Bratman
IPC: G06F21/55
CPC classification number: G06F21/554, G06F2221/031
Abstract: A generated training set comprising a plurality of training samples is received. The generated training set includes at least one training sample constructed using one or more linguistic hints, comprising at least one keyword or phrase, about an attack for which malicious textual communications associated with the attack, when processed by a natural language processing model could be classified as benign textual communications before being trained using the generated training set. The natural language processing model is trained at least in part by using the generated training set, wherein the trained natural language processing model is configured to determine a likelihood that a received communication transmitted by a sender to a recipient poses a risk.
-
Publication number: US11971985B2
Publication date: 2024-04-30
Application number: US17871765
Application date: 2022-07-22
Applicant: Abnormal Security Corporation
Inventor: Lei Xu, Jeshua Alexis Bratman
IPC: G06F21/55
CPC classification number: G06F21/554, G06F2221/031
Abstract: Adapting detection of security threats, including by retraining computer-implemented models is disclosed. An indication is received that a natural language processing model should be retrained. A list of training samples is generated that includes at least one synthetic training sample. The natural language processing model is retrained at least in part by using the set of generated training samples. The retrained natural language processing model is used to determine a likelihood that a message poses a risk.
-
Publication number: US11483344B2
Publication date: 2022-10-25
Application number: US17401143
Application date: 2021-08-12
Applicant: Abnormal Security Corporation
Inventor: Jeshua Alexis Bratman, Yu Zhou Lee, Lawrence Stockton Moore, Rami Faris Habal, Lei Xu
IPC: H04L9/40, G06Q10/10, G06Q10/06, H04L67/30, G06F16/335, H04L51/212, H04L51/214, H04L67/50, G06F16/25
Abstract: Introduced here are computer programs and computer-implemented techniques for generating and then managing a federated database that can be used to ascertain the risk in interacting with vendors. At a high level, the federated database allows knowledge regarding the reputation of vendors to be shared amongst different enterprises with which those vendors may interact. A threat detection platform may utilize the federated database when determining how to handle incoming emails from vendors.
-
Publication number: US11470108B2
Publication date: 2022-10-11
Application number: US17239152
Application date: 2021-04-23
Applicant: Abnormal Security Corporation
Inventor: Yu Zhou Lee, Lawrence Stockton Moore, Jeshua Alexis Bratman, Lei Xu, Sanjay Jeyakumar
IPC: H04L29/06, H04L9/40, H04L51/08, H04L51/212
Abstract: Introduced here are computer programs and computer-implemented techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise. A threat detection platform may determine the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. For example, to understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient.
-
Publication number: US11381581B2
Publication date: 2022-07-05
Application number: US16927427
Application date: 2020-07-13
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar, Jeshua Alexis Bratman, Dmitry Chechik, Abhijit Bagri, Evan James Reiser, Sanny Xiao Yang Liao, Yu Zhou Lee, Carlos Daniel Gasperi, Kevin Lau, Kai Jing Jiang, Su Li Debbie Tan, Jeremy Kao, Cheng-Lin Yeh
IPC: H04L29/06, G06F16/958, G06N20/00, G06F16/951, G06Q10/10, G06F16/955, H04L9/40
Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
-
Publication number: US20210272066A1
Publication date: 2021-09-02
Application number: US17185570
Application date: 2021-02-25
Applicant: Abnormal Security Corporation
Inventor: Jeshua Alexis Bratman, Yu Zhou Lee, Lawrence Stockton Moore, Rami Faris Habal, Lei Xu
Abstract: Introduced here are computer programs and computer-implemented techniques for generating and then managing a federated database that can be used to ascertain the risk in interacting with vendors. At a high level, the federated database allows knowledge regarding the reputation of vendors to be shared amongst different enterprises with which those vendors may interact. A threat detection platform may utilize the federated database when determining how to handle incoming emails from vendors.
-
Publication number: US20210266294A1
Publication date: 2021-08-26
Application number: US17094801
Application date: 2020-11-10
Applicant: Abnormal Security Corporation
Inventor: Dmitry Chechik, Umut Gultepe, Raphael Kargon, Jeshua Alexis Bratman, Cheng-Lin Yeh, Sanny Xiao Lang Liao, Erin Elisabeth Edkins Ludert, Sanjay Jeyakumar
Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.
-
Publication number: US11831661B2
Publication date: 2023-11-28
Application number: US17831335
Application date: 2022-06-02
Applicant: Abnormal Security Corporation
Inventor: Yu Zhou Lee, Micah J. Zirn, Umut Gultepe, Jeshua Alexis Bratman, Michael Douglas Kralka, Cheng-Lin Yeh, Dmitry Chechik, Sanjay Jeyakumar
IPC: H04L9/40, H04L51/212, H04L51/08
CPC classification number: H04L63/1416, H04L51/08, H04L51/212, H04L63/145, H04L63/20
Abstract: A plurality of features associated with a message are determined. At least one feature included in the plurality of features is associated with a payload of the message. A determination is made that supplemental analysis should be performed on the message. The determination is based at least in part on performing behavioral analysis using at least some of the features included in the plurality of features. Supplemental analysis is performed.
-
Publication number: US11704406B2
Publication date: 2023-07-18
Application number: US17942931
Application date: 2022-09-12
Applicant: Abnormal Security Corporation
Inventor: Yu Zhou Lee, Kai Jiang, Su Li Debbie Tan, Geng Sng, Cheng-Lin Yeh, Lawrence Stockton Moore, Sanny Xiao Lang Liao, Joey Esteban Cerquera, Jeshua Alexis Bratman, Sanjay Jeyakumar, Nishant Bhalchandra Karandikar
IPC: G06F21/55
CPC classification number: G06F21/552, G06F2221/034
Abstract: Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.