-
公开(公告)号:US08291065B2
公开(公告)日:2012-10-16
申请号:US11537641
申请日:2006-09-30
申请人: Joshua T. Goodman , Paul S Rehfuss , Robert L. Rounthwaite , Manav Mishra , Geoffrey J Hulten , Kenneth G Richards , Aaron H Averbuch , Anthony P. Penta , Roderict C. Deyo
发明人: Joshua T. Goodman , Paul S Rehfuss , Robert L. Rounthwaite , Manav Mishra , Geoffrey J Hulten , Kenneth G Richards , Aaron H Averbuch , Anthony P. Penta , Roderict C. Deyo
IPC分类号: G06F15/173
CPC分类号: H04L63/1408 , H04L63/1441 , H04L63/1483
摘要: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
摘要翻译: 描述网络钓鱼检测,预防和通知。 在一个实施例中,消息收发应用促进通过消息收发用户界面的通信,并从域接收诸如电子邮件消息之类的通信。 钓鱼检测模块通过确定域与已知的网络钓鱼域相似,或通过检测域的可疑网络属性来检测通信中的网络钓鱼攻击。 在另一个实施例中,Web浏览应用程序从基于网络的资源(诸如网站或域)接收诸如网页的数据的内容。 Web浏览应用程序启动内容的显示,并且网络钓鱼检测模块通过确定基于网络的资源的域类似于已知的网络钓鱼域来检测内容中的网络钓鱼攻击,或者网络 - 收到内容的基于资源的资源具有可疑的网络属性。
-
公开(公告)号:US07634810B2
公开(公告)日:2009-12-15
申请号:US11129222
申请日:2005-05-13
申请人: Joshua T. Goodman , Paul S Rehfuss , Robert L. Rounthwaite , Manav Mishra , Geoffrey J Hulten , Kenneth G Richards , Aaron H Averbuch , Anthony P. Penta , Roderic C Deyo
发明人: Joshua T. Goodman , Paul S Rehfuss , Robert L. Rounthwaite , Manav Mishra , Geoffrey J Hulten , Kenneth G Richards , Aaron H Averbuch , Anthony P. Penta , Roderic C Deyo
CPC分类号: H04L63/1416 , H04L51/12 , H04L63/1466 , H04L63/1483
摘要: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
摘要翻译: 描述网络钓鱼检测,预防和通知。 在一个实施例中,消息收发应用促进通过消息收发用户界面的通信,并从域接收诸如电子邮件消息之类的通信。 钓鱼检测模块通过确定域与已知的网络钓鱼域相似,或通过检测域的可疑网络属性来检测通信中的网络钓鱼攻击。 在另一个实施例中,Web浏览应用程序从基于网络的资源(诸如网站或域)接收诸如网页的数据的内容。 Web浏览应用程序启动内容的显示,并且网络钓鱼检测模块通过确定基于网络的资源的域类似于已知的网络钓鱼域来检测内容中的网络钓鱼攻击,或者网络 - 收到内容的基于资源的资源具有可疑的网络属性。
-
公开(公告)号:US07409708B2
公开(公告)日:2008-08-05
申请号:US10856978
申请日:2004-05-28
申请人: Joshua T Goodman , Robert L Rounthwaite , Geoffrey J Hulten , John A Deurbrouck , Manav Mishra , Anthony P Penta
发明人: Joshua T Goodman , Robert L Rounthwaite , Geoffrey J Hulten , John A Deurbrouck , Manav Mishra , Anthony P Penta
IPC分类号: H04L29/00
CPC分类号: H04L51/12 , G06Q10/107
摘要: Disclosed are systems and methods that facilitate spam detection and prevention at least in part by building or training filters using advanced IP address and/or URL features in connection with machine learning techniques. A variety of advanced IP address related features can be generated from performing a reverse IP lookup. Similarly, many different advanced URL based features can be created from analyzing at least a portion of any one URL detected in a message.
摘要翻译: 公开了至少部分地通过使用与机器学习技术相关联的高级IP地址和/或URL特征来构建或训练过滤器来促进垃圾邮件检测和预防的系统和方法。 可以通过执行反向IP查找来生成各种高级IP地址相关功能。 类似地,可以通过分析消息中检测到的任何一个URL的至少一部分来创建许多不同的基于高级URL的特征。
-
公开(公告)号:US07908328B1
公开(公告)日:2011-03-15
申请号:US11023293
申请日:2004-12-27
申请人: Geoffrey J Hulten , Anthony P. Penta , David Maxwell Chickering , Eliot C. Gillum , Gopalakrishnan Seshadrinathan , Jay T. Buckingham , Joshua T. Goodman , Paul S Rehfuss , Robert L. Rounthwaite , Ryan C Colvin
发明人: Geoffrey J Hulten , Anthony P. Penta , David Maxwell Chickering , Eliot C. Gillum , Gopalakrishnan Seshadrinathan , Jay T. Buckingham , Joshua T. Goodman , Paul S Rehfuss , Robert L. Rounthwaite , Ryan C Colvin
IPC分类号: G06F15/16
CPC分类号: H04L51/12
摘要: Identification of email forwarders is described. In an implementation, a method includes using heuristics to identify email forwarders for use in a reputation system for locating spammers. In another implementation, a method includes determining a likelihood that a particular Internet Protocol (IP) address corresponds to an email forwarder and processing email originating from the particular IP address based on the determined likelihood. In a further implementation, a method includes collecting heuristic data that describes characteristics of emails sent from one or more Internet Protocol (IP) addresses and constructing a model from the heuristic data for identifying whether at least one of the IP address is an email forwarder. In yet a further implementation, a method includes identifying that a particular Internet Protocol (IP) address likely corresponds to an email forwarder and processing email from the particular IP address based on an implied sender of the email.
摘要翻译: 描述电子邮件转发器的识别。 在一个实现中,一种方法包括使用启发式方法来识别在信誉系统中用于定位垃圾邮件发送者的电子邮件转发器。 在另一实施方式中,一种方法包括确定特定因特网协议(IP)地址对应于电子邮件转发器的可能性,以及基于所确定的可能性处理来自该特定IP地址的电子邮件。 在另一实现中,一种方法包括收集启发式数据,该启发式数据描述从一个或多个因特网协议(IP)地址发送的电子邮件的特征,并根据启发式数据构建模型,用于识别IP地址中的至少一个是电子邮件转发器。 在又一个实现中,一种方法包括识别特定的因特网协议(IP)地址可能对应于电子邮件转发器,并且基于电子邮件的隐含发送者从特定IP地址处理电子邮件。
-
公开(公告)号:US08065370B2
公开(公告)日:2011-11-22
申请号:US11265842
申请日:2005-11-03
申请人: Geoffrey J Hulten , Gopalakrishnan Seshadrinathan , Joshua T. Goodman , Manav Mishra , Robert C J Pengelly , Robert L. Rounthwaite , Ryan C Colvin
发明人: Geoffrey J Hulten , Gopalakrishnan Seshadrinathan , Joshua T. Goodman , Manav Mishra , Robert C J Pengelly , Robert L. Rounthwaite , Ryan C Colvin
IPC分类号: G06F15/16
摘要: Embodiments of proofs to filter spam are presented herein. Proofs are utilized to indicate a sender used a set amount of computer resources in sending a message in order to demonstrate the sender is not a “spammer”. Varying the complexity of the proofs, or the level of resources used to send the message, will indicate to the recipient the relative likelihood the message is spam. Higher resource usage indicates that the message may not be spam, while lower resource usage increases the likelihood a message is spam. Also, if the recipient requires a higher level of proof than received, the receiver may request the sender send additional proof to verify the message is not spam.
摘要翻译: 这里介绍了过滤垃圾邮件的示例的实施例。 证明用于指示发送者在发送消息时使用一定数量的计算机资源,以证明发件人不是“垃圾邮件发送者”。 改变证据的复杂性或用于发送消息的资源的级别将向接收者指示消息是垃圾邮件的相对可能性。 更高的资源使用率表示该邮件可能不是垃圾邮件,而较低的资源使用量增加了邮件是垃圾邮件的可能性。 另外,如果接收方需要比接收的更高级别的证明,则接收者可以请求发送者发送附加证明来验证该消息不是垃圾邮件。
-
公开(公告)号:US07603422B2
公开(公告)日:2009-10-13
申请号:US11023049
申请日:2004-12-27
IPC分类号: G06F15/16
CPC分类号: H04L51/12 , G06Q10/107
摘要: Secure safe sender lists are described. In an implementation, a method includes determining which of a plurality of hierarchical levels corresponds to a message received via a network. Each of the hierarchical level is defined by mechanisms for identifying a sender of the message. The message is routed according to the corresponding one of the hierarchical levels.
摘要翻译: 描述安全的发件人列表。 在实现中,一种方法包括确定多个分层级别中的哪一个级别对应于经由网络接收的消息。 每个层级由用于标识消息的发送者的机制来定义。 该消息根据相应的一个层级进行路由。
-
公开(公告)号:US07599993B1
公开(公告)日:2009-10-06
申请号:US11023284
申请日:2004-12-27
IPC分类号: G06F15/16
CPC分类号: H04L51/12 , G06Q10/107 , H04L63/101
摘要: Secure safe sender lists are described. In an implementation, a method includes examining a message received from a sender via a network to determine which identifying mechanisms are available for verifying an identity of the sender. When one or more available identifying mechanisms are deemed sufficient to verify the identity, a description of the identity and a description of the one or more said available identifying mechanisms are added to a safe senders list.
摘要翻译: 描述安全的发件人列表。 在实现中,一种方法包括:经由网络检查从发送者接收的消息,以确定哪些识别机制可用于验证发送者的身份。 当一个或多个可用的识别机制被认为足以验证身份时,身份的描述和一个或多个所述可用识别机制的描述被添加到安全发件人列表中。
-
公开(公告)号:US07689652B2
公开(公告)日:2010-03-30
申请号:US11031672
申请日:2005-01-07
IPC分类号: G06F15/16 , G06F15/173
CPC分类号: H04L51/28 , H04L29/1215 , H04L51/12 , H04L61/1564 , H04L63/0227 , H04L63/1441
摘要: Email spam filtering is performed based on a combination of IP address and domain. When an email message is received, an IP address and a domain associated with the email message are determined. A cross product of the IP address (or portions of the IP address) and the domain (or portions of the domain) is calculated. If the email message is known to be either spam or non-spam, then a spam score based on the known spam status is stored in association with each (IP address, domain) pair element of the cross product. If the spam status of the email message is not known, then the (IP address, domain) pair elements of the cross product are used to lookup previously determined spam scores. A combination of the previously determined spam scores is used to determine whether or not to treat the received email message as spam.
摘要翻译: 电子邮件垃圾邮件过滤是基于IP地址和域名的组合来执行的。 当接收到电子邮件消息时,确定与电子邮件消息相关联的IP地址和域。 计算IP地址(或IP地址的部分)和域(或域的部分)的交叉乘积。 如果电子邮件消息被称为垃圾邮件或非垃圾邮件,则根据已知垃圾邮件状态的垃圾邮件分数与交叉产品的每个(IP地址,域)对元素相关联地存储。 如果电子邮件的垃圾邮件状态未知,则交叉产品的(IP地址,域)对元素将用于查找先前确定的垃圾邮件分数。 使用先前确定的垃圾邮件分数的组合来确定是否将接收的电子邮件消息视为垃圾邮件。
-
9.发明授权公开(公告)号:US07899866B1
公开(公告)日:2011-03-01
申请号:US11027895
申请日:2004-12-31
CPC分类号: H04L51/12
摘要: Email spam filtering is performed based on a sender reputation and message features. When an email message is received, a preliminary spam determination is made based, at least in part, on a combination of a reputation associated with the sender of the email message and one or more features of the email message. If the preliminary spam determination indicates that the message is spam, then a secondary spam determination is made based on one or more features of the received email message. If both the preliminary and secondary spam determinations indicate that the received email message is likely spam, then the message is treated as spam.
摘要翻译: 基于发件人信誉和消息功能执行电子邮件过滤。 当接收到电子邮件消息时,至少部分地基于与电子邮件消息的发送者与电子邮件消息的一个或多个特征相关联的信誉的组合来进行初步垃圾邮件确定。 如果初步垃圾邮件确定指示该消息是垃圾邮件,则基于所接收的电子邮件消息的一个或多个特征进行辅助垃圾邮件确定。 如果初步和次要垃圾邮件确定都指示接收的电子邮件可能是垃圾邮件,则该邮件被视为垃圾邮件。
-
公开(公告)号:US07664819B2
公开(公告)日:2010-02-16
申请号:US10879626
申请日:2004-06-29
申请人: Elissa E. Murphy , Joshua T Goodman , Derek M Hazeur , Robert L Rounthwaite , Geoffrey J Hulten
发明人: Elissa E. Murphy , Joshua T Goodman , Derek M Hazeur , Robert L Rounthwaite , Geoffrey J Hulten
CPC分类号: G06Q10/107 , H04L51/12
摘要: The present invention provides a unique system and method that facilitates incrementally updating spam filters in near real time or real time. Incremental updates can be generated in part by difference learning. Difference learning involves training a new spam filter based on new data and then looking for the differences between the new spam filter and the existing spam filter. Differences can be determined at least in part by comparing the absolute values of parameter changes (weight changes of a feature between the two filters). Other factors such as frequency of parameters can be employed as well. In addition, available updates with respect to particular features or messages can be looked up using one or more lookup tables or databases. When incremental and/or feature-specific updates are available, they can be downloaded such as by a client for example. Incremental updates can be automatically provided or can be provided by request according to client or server preferences.
摘要翻译: 本发明提供了一种独特的系统和方法,其便于实时或实时地逐渐更新垃圾邮件过滤器。 增量更新可以通过差异学习部分产生。 差异学习涉及到根据新数据来培训新的垃圾邮件过滤器,然后寻找新的垃圾邮件过滤器和现有的垃圾邮件过滤器之间的差异。 差异可以至少部分地通过比较参数变化的绝对值(两个滤波器之间的特征的权重变化)来确定。 也可以使用诸如参数频率的其他因素。 此外,可以使用一个或多个查找表或数据库查找关于特定特征或消息的可用更新。 当增量和/或功能特定的更新可用时,可以例如通过客户端下载它们。 增量更新可以自动提供,也可以根据客户端或服务器的偏好请求提供。
-
-
-
-
-
-
-
-
-
搜索结果
19 条记录 (耗时 0.042 秒)
