-
Publication number: US11431738B2
Publication date: 2022-08-30
Application number: US16927427
Application date: 2020-07-13
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar , Jeshua Alexis Bratman , Dmitry Chechik , Abhijit Bagri , Evan James Reiser , Sanny Xiao Yang Liao , Yu Zhou Lee , Carlos Daniel Gasperi , Kevin Lau , Kai Jing Jiang , Su Li Debbie Tan , Jeremy Kao , Cheng-Lin Yeh
IPC: H04L29/06 , G06F16/958 , G06N20/00 , G06F16/951 , G06Q10/10 , G06F16/955 , H04L9/40
Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
-
Publication number: US11336666B2
Publication date: 2022-05-17
Application number: US16927427
Application date: 2020-07-13
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar , Jeshua Alexis Bratman , Dmitry Chechik , Abhijit Bagri , Evan James Reiser , Sanny Xiao Yang Liao , Yu Zhou Lee , Carlos Daniel Gasperi , Kevin Lau , Kai Jing Jiang , Su Li Debbie Tan , Jeremy Kao , Cheng-Lin Yeh
IPC: H04L29/06 , G06F16/958 , G06N20/00 , G06F16/951 , G06Q10/10 , G06F16/955
Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
-
Publication number: US20240291834A1
Publication date: 2024-08-29
Application number: US18617282
Application date: 2024-03-26
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar , Jeshua Alexis Bratman , Dmitry Chechik , Abhijit Bagri , Evan Reiser , Sanny Xiao Lang Liao , Yu Zhou Lee , Carlos Daniel Gasperi , Kevin Lau , Kai Jing Jiang , Su Li Debbie Tan , Jeremy Kao , Cheng-Lin Yeh
IPC: H04L9/40 , G06F16/951 , G06F16/955 , G06F16/958 , G06N20/00 , G06Q10/107
CPC classification number: H04L63/1416 , G06F16/951 , G06F16/9558 , G06F16/986 , G06N20/00 , G06Q10/107 , H04L63/1483
Abstract: Access to emails delivered to an employee of an enterprise is received. An incoming email addressed to the employee is acquired. A primary attribute is extracted from the incoming email by parsing at least one of: (1) content of the incoming email or (2) metadata associated with the incoming email. It is determined whether the incoming email deviates from past email activity, at least in part by determining, as a secondary attribute, a mismatch between a previous value for the primary attribute and a current value for the primary attribute, using a communication profile associated with the employee, and providing a measured deviation to at least one machine learning model.
-
Publication number: US11381581B2
Publication date: 2022-07-05
Application number: US16927427
Application date: 2020-07-13
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar , Jeshua Alexis Bratman , Dmitry Chechik , Abhijit Bagri , Evan James Reiser , Sanny Xiao Yang Liao , Yu Zhou Lee , Carlos Daniel Gasperi , Kevin Lau , Kai Jing Jiang , Su Li Debbie Tan , Jeremy Kao , Cheng-Lin Yeh
IPC: H04L29/06 , G06F16/958 , G06N20/00 , G06F16/951 , G06Q10/10 , G06F16/955 , H04L9/40
Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
-
Publication number: US11252189B2
Publication date: 2022-02-15
Application number: US17155843
Application date: 2021-01-22
Applicant: Abnormal Security Corporation
Inventor: Evan James Reiser , Jeremy Kao , Cheng-Lin Yeh , Yea So Jung , Kai Jing Jiang , Abhijit Bagri , Su Li Debbie Tan , Venkatram Krishnamoorthi , Fang Shuo Deng
IPC: H04L29/06 , G06F16/9035 , G06Q10/10
Abstract: Introduced here are computer programs and computer-implemented techniques for discovering malicious emails and then remediating the threat posed by those malicious emails in an automated manner. A threat detection platform may monitor a mailbox to which employees of an enterprise are able to forward emails deemed to be suspicious for analysis. This mailbox may be referred to as an “abuse mailbox” or “phishing mailbox.” The threat detection platform can examine emails contained in the abuse mailbox and then determine whether any of those emails represent threats to the security of the enterprise. For example, the threat detection platform may classify each email contained in the abuse mailbox as being malicious or non-malicious. Thereafter, the threat detection platform may determine what remediation actions, if any, are appropriate for addressing the threat posed by those emails determined to be malicious.
-
Publication number: US20210273976A1
Publication date: 2021-09-02
Application number: US17155843
Application date: 2021-01-22
Applicant: Abnormal Security Corporation
Inventor: Evan James Reiser , Jeremy Kao , Cheng-Lin Yeh , Yea So Jung , Kai Jing Jiang , Abhijit Bagri , Su Li Debbie Tan , Venkatram Krishnamoorthi , Fang Shuo Deng
IPC: H04L29/06 , G06Q10/10 , G06F16/9035
Abstract: Introduced here are computer programs and computer-implemented techniques for discovering malicious emails and then remediating the threat posed by those malicious emails in an automated manner. A threat detection platform may monitor a mailbox to which employees of an enterprise are able to forward emails deemed to be suspicious for analysis. This mailbox may be referred to as an “abuse mailbox” or “phishing mailbox.” The threat detection platform can examine emails contained in the abuse mailbox and then determine whether any of those emails represent threats to the security of the enterprise. For example, the threat detection platform may classify each email contained in the abuse mailbox as being malicious or non-malicious. Thereafter, the threat detection platform may determine what remediation actions, if any, are appropriate for addressing the threat posed by those emails determined to be malicious.
-
Publication number: US20240187450A1
Publication date: 2024-06-06
Application number: US18443055
Application date: 2024-02-15
Applicant: Abnormal Security Corporation
Inventor: Evan Reiser , Jeremy Kao , Cheng-Lin Yeh , Yea So Jung , Kai Jing Jiang , Abhijit Bagri , Su Li Debbie Tan , Venkat Krishnamoorthi , Fang Shuo Deng
IPC: H04L9/40 , G06F16/9035 , G06Q10/107
CPC classification number: H04L63/1483 , G06F16/9035 , G06Q10/107 , H04L63/1416 , H04L63/1425
Abstract: It is determined that a first email is present in a mailbox where emails deemed suspicious are placed for analysis. In response to determining that the first email is present in the mailbox, it is determined whether the first email is representative of a threat to an enterprise based at least in part by applying a trained model to the first email. In response to determining that the first email represents a threat to the enterprise, a record of the threat is generated by populating a data structure with information related to the first email. The data structure is applied to inboxes of a plurality of the employees to determine whether the first email is part of a campaign. In response to determining that the first email is part of a campaign, a filter associated with the data structure is applied to inbound emails addressed to employees of the enterprise.
-
Publication number: US11824870B2
Publication date: 2023-11-21
Application number: US16672854
Application date: 2019-11-04
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar , Jeshua Alexis Bratman , Dmitry Chechik , Abhijit Bagri , Evan James Reiser , Sanny Xiao Yang Liao , Yu Zhou Lee , Carlos Daniel Gasperi , Kevin Lau , Kai Jing Jiang , Su Li Debbie Tan , Jeremy Kao , Cheng-Lin Yeh
CPC classification number: H04L63/1416 , G06F21/561 , H04L63/123 , H04L63/145 , H04L63/1433 , H04L63/1475
Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
-
Publication number: US11552969B2
Publication date: 2023-01-10
Application number: US17498273
Application date: 2021-10-11
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar , Jeshua Alexis Bratman , Dmitry Chechik , Abhijit Bagri , Evan Reiser , Sanny Xiao Lang Liao , Yu Zhou Lee , Carlos Daniel Gasperi , Kevin Lau , Kai Jing Jiang , Su Li Debbie Tan , Jeremy Kao , Cheng-Lin Yeh
Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
-
Publication number: US20210329035A1
Publication date: 2021-10-21
Application number: US17361106
Application date: 2021-06-28
Applicant: Abnormal Security Corporation
Inventor: Sanjay Jeyakumar , Jeshua Alexis Bratman , Dmitry Chechik , Abhijit Bagri , Evan James Reiser , Sanny Xiao Yang Liao , Yu Zhou Lee , Carlos Daniel Gasperi , Kevin Lau , Kai Jing Jiang , Su Li Debbie Tan , Jeremy Kao , Cheng-Lin Yeh
Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.