Abstract:
Phishing detection, prevention, and notification are described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
Abstract:
Identification of email forwarders is described. In an implementation, a method includes using heuristics to identify email forwarders for use in a reputation system for locating spammers. In another implementation, a method includes determining a likelihood that a particular Internet Protocol (IP) address corresponds to an email forwarder and processing email originating from the particular IP address based on the determined likelihood. In a further implementation, a method includes collecting heuristic data that describes characteristics of emails sent from one or more Internet Protocol (IP) addresses and constructing a model from the heuristic data for identifying whether at least one of the IP addresses is an email forwarder. In yet a further implementation, a method includes identifying that a particular Internet Protocol (IP) address likely corresponds to an email forwarder and processing email from the particular IP address based on an implied sender of the email.
Abstract:
Disclosed are signature-based systems and methods that facilitate spam detection and prevention at least in part by calculating hash values for an incoming message and then determining a probability that the hash values indicate spam. In particular, the signatures generated for each incoming message can be compared to a database of both spam and good signatures. A count of the number of matches can be divided by a denominator value. The denominator value can be an overall volume of messages sent to the system per signature for example. The denominator value can be discounted to account for different treatments and timing of incoming messages. Furthermore, secure hashes can be generated by combining portions of multiple hashing components. A secure hash can be made from a combination of multiple hashing components or multiple combinations thereof. The signature based system can also be integrated with machine learning systems to optimize spam prevention.
Abstract:
Embodiments of proofs to filter spam are presented herein. Proofs are utilized to indicate a sender used a set amount of computer resources in sending a message in order to demonstrate the sender is not a “spammer”. Varying the complexity of the proofs, or the level of resources used to send the message, will indicate to the recipient the relative likelihood the message is spam. Higher resource usage indicates that the message may not be spam, while lower resource usage increases the likelihood a message is spam. Also, if the recipient requires a higher level of proof than received, the receiver may request the sender send additional proof to verify the message is not spam.
Abstract:
Email spam filtering is performed based on a combination of IP address and domain. When an email message is received, an IP address and a domain associated with the email message are determined. A cross product of the IP address (or portions of the IP address) and the domain (or portions of the domain) is calculated. If the email message is known to be either spam or non-spam, then a spam score based on the known spam status is stored in association with each (IP address, domain) pair element of the cross product. If the spam status of the email message is not known, then the (IP address, domain) pair elements of the cross product are used to look up previously determined spam scores. A combination of the previously determined spam scores is used to determine whether or not to treat the received email message as spam.
Abstract:
Email spam filtering is performed based on a sender reputation and message features. When an email message is received, a preliminary spam determination is made based, at least in part, on a combination of a reputation associated with the sender of the email message and one or more features of the email message. If the preliminary spam determination indicates that the message is spam, then a secondary spam determination is made based on one or more features of the received email message. If both the preliminary and secondary spam determinations indicate that the received email message is likely spam, then the message is treated as spam.
Abstract:
Decision trees populated with classifier models are leveraged to provide enhanced spam detection utilizing separate email classifiers for each feature of an email. This provides a higher probability of spam detection through tailoring of each classifier model to facilitate in more accurately determining spam on a feature-by-feature basis. Classifiers can be constructed based on linear models such as, for example, logistic-regression models and/or support vector machines (SVM) and the like. The classifiers can also be constructed based on decision trees. “Compound features” based on internal and/or external nodes of a decision tree can be utilized to provide linear classifier models as well. Smoothing of the spam detection results can be achieved by utilizing classifier models from other nodes within the decision tree if training data is sparse. This forms a base model for branches of a decision tree that may not have received substantial training data.
Abstract:
The subject invention provides for an intelligent quarantining system and method that facilitates a more robust classification system in connection with spam prevention. The invention involves holding back some messages that appear to be questionable, suspicious, or untrustworthy from classification (as spam or good). In particular, the filter lacks information about these messages and thus classification is temporarily delayed. This provides more time for a filter update to arrive with a more accurate classification. The suspicious messages can be quarantined for a determined time period to allow more data to be collected regarding these messages. A number of factors can be employed to determine whether messages are more likely to be flagged for further analysis. User feedback by way of a feedback loop system can also be utilized to facilitate classification of the messages. After some time period, classification of the messages can be resumed.
Abstract:
The subject invention provides for an intelligent quarantining system and method that facilitates detecting and preventing spam. In particular, the invention employs a machine learning filter specifically trained using origination features such as an IP address as well as destination features such as a URL. Moreover, the system and method involve training a plurality of filters using specific feature data for each filter. The filters are trained independently of each other, thus one feature may not unduly influence another feature in determining whether a message is spam. Because multiple filters are trained and available to scan messages either individually or in combination (at least two filters), the filtering or spam detection process can be generalized to new messages having slightly modified features (e.g., IP address). The invention also involves locating the appropriate IP addresses or URLs in a message as well as guiding filters to weigh origination or destination features more than text-based features.