公开(公告)号：US11075930B1

公开(公告)日：2021-07-27

申请号：US16020896

申请日：2018-06-27

申请人： FireEye, Inc.

发明人： Jijo Xavier ,  Robert Venal

IPC分类号： H04L29/06 ,  H04L12/58

摘要： According to one embodiment, a system for detecting an email campaign includes feature extraction logic, pre-processing logic, campaign analysis logic and a reporting engine. The feature extraction logic obtains features from each of a plurality of malicious email messages received for analysis while the pre-processing logic generates a plurality of email representations that are arranged in an ordered sequence and correspond to the plurality of malicious email message. The campaign analysis logic determines the presence of an email campaign in response to a prescribed number of successive email representations being correlated to each other, where the results of the email campaign detection are provided to a security administrator via the reporting engine.

公开(公告)号：US11003773B1

公开(公告)日：2021-05-11

申请号：US15942082

申请日：2018-03-30

申请人： FireEye, Inc.

发明人： Chunsheng Fang ,  Wei Quan ,  Richard Lai ,  Robert Venal ,  Benjamin Chang

IPC分类号： G06F21/56 ,  G06F21/55 ,  G06K9/62 ,  H04L29/06 ,  G06N20/00

摘要： A method for generating rule recommendation utilized in a creation of malware detection rules is described. Meta-information associated with a plurality of events collected during a malware detection analysis of an object by a cybersecurity system is received and a first plurality of features is selected from the received meta-information. Machine learning (ML) models are applied to each of the first plurality of features to generate a score that represents a level of maliciousness for the feature and thereby a degree of usefulness of the feature in classifying the object as malicious or benign. Thereafter, a second plurality of features is selected as the salient features, which are used in creation of the malware detection rules in controlling subsequent operations of the cybersecurity system. The second plurality of features being lesser in number that the first plurality of features.

公开(公告)号：US11882140B1

公开(公告)日：2024-01-23

申请号：US17385835

申请日：2021-07-26

申请人： FireEye, Inc.

发明人： Jijo Xavier ,  Robert Venal

IPC分类号： H04L9/40 ,  H04L51/212

CPC分类号： H04L63/1425 ,  H04L51/212 ,  H04L63/20

摘要： According to one embodiment, a system for detecting an email campaign includes feature extraction logic, pre-processing logic, campaign analysis logic and a reporting engine. The feature extraction logic obtains features from each of a plurality of malicious email messages received for analysis while the pre-processing logic generates a plurality of email representations that are arranged in an ordered sequence and correspond to the plurality of malicious email message. The campaign analysis logic determines the presence of an email campaign in response to a prescribed number of successive email representations being correlated to each other, where the results of the email campaign detection are provided to a security administrator via the reporting engine.