Time zero classification of messages
First Claim
1. A method for classifying a message, the method comprising:
- receiving a message at a computer network interface;
- performing a first test on content associated with the received message;
- assigning an infectiousness probability to the received message based on the first test;
- comparing the assigned infectiousness probability to a plurality of thresholds;
- classifying the received message as suspicious based on the assigned infectiousness probability being above a legitimate threshold and below an infectious threshold;
- performing a second test on the content associated with the received message;
- updating the infectiousness probability of the received message based on the second test;
- comparing the updated infectiousness probability to the thresholds;
- re-classifying the message as infectious based on the updated infectiousness probability meeting the infectious threshold; and
- performing an action based on the reclassification of the message, wherein the action includes preventing the message from being delivered to a recipient of the message when the reclassification indicates infectiousness.
Abstract
Detecting infectious messages comprises performing an individual characteristic analysis of a message to determine whether the message is suspicious, determining whether a similar message has been noted previously in the event that the message is determined to be suspicious, classifying the message according to its individual characteristics and its similarity to the noted message in the event that a similar message has been noted previously.
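The flow of claim 1 and the abstract, as an added example that is not taken from the patent. The threshold values, the attachment-extension heuristic, the digest-based similarity count and the noisy-OR update rule are all assumptions, since the claims name these steps without specifying them.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed threshold values; the claims name the thresholds but give no numbers.
LEGITIMATE_THRESHOLD = 0.2
INFECTIOUS_THRESHOLD = 0.8
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".js")  # assumed first-test heuristic

@dataclass
class Message:
    recipient: str
    attachment_name: str
    attachment_digest: str  # constructed placeholder, not a real hash

def first_test(msg):
    """Individual characteristic analysis: score the attachment extension."""
    return 0.5 if msg.attachment_name.lower().endswith(RISKY_EXTENSIONS) else 0.05

def second_test(msg, noted):
    """Similarity test: evidence grows with earlier suspicious look-alikes."""
    return 1 - 0.5 ** noted[msg.attachment_digest]

def label(p):
    if p >= INFECTIOUS_THRESHOLD:
        return "infectious"
    return "suspicious" if p > LEGITIMATE_THRESHOLD else "legitimate"

def classify(msg, noted):
    """Return (classification, probability, blocked) for one message."""
    p = first_test(msg)
    verdict = label(p)
    if verdict == "suspicious":
        # Assumed update rule (noisy-OR): treat both tests as independent evidence.
        p = 1 - (1 - p) * (1 - second_test(msg, noted))
        verdict = label(p)
        noted[msg.attachment_digest] += 1  # note this message for later arrivals
    return verdict, round(p, 4), verdict == "infectious"

def run_demo():
    noted = Counter()
    # Constructed sample traffic: three copies of one attachment, one benign file.
    batch = [Message(f"user{i}@example.test", "invoice.scr", "digest-A") for i in range(3)]
    batch.append(Message("user9@example.test", "notes.txt", "digest-B"))
    return [classify(m, noted) for m in batch]

if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The first two copies stay suspicious because too few similar messages have been noted; the third crosses the infectious threshold and is blocked from delivery.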
17 Claims
1. A method for classifying a message, the method comprising:
- receiving a message at a computer network interface;
- performing a first test on content associated with the received message;
- assigning an infectiousness probability to the received message based on the first test;
- comparing the assigned infectiousness probability to a plurality of thresholds;
- classifying the received message as suspicious based on the assigned infectiousness probability being above a legitimate threshold and below an infectious threshold;
- performing a second test on the content associated with the received message;
- updating the infectiousness probability of the received message based on the second test;
- comparing the updated infectiousness probability to the thresholds;
- re-classifying the message as infectious based on the updated infectiousness probability meeting the infectious threshold; and
- performing an action based on the reclassification of the message, wherein the action includes preventing the message from being delivered to a recipient of the message when the reclassification indicates infectiousness.

Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor to perform a method for classifying a message, the method comprising:
- receiving a message over a computer network interface;
- performing a first test on content associated with the received message;
- assigning an infectiousness probability to the received message based on the first test;
- comparing the assigned infectiousness probability to a plurality of thresholds;
- classifying the received message as suspicious based on the assigned infectiousness probability being above a legitimate threshold and below an infectious threshold;
- performing a second test on the content associated with the received message;
- updating the infectiousness probability of the received message based on the second test;
- comparing the updated infectiousness probability to the thresholds;
- re-classifying the message as infectious based on the updated infectiousness probability meeting the infectious threshold; and
- performing an action based on the reclassification of the message, wherein the action includes preventing the message from being delivered to a recipient of the message when the reclassification indicates infectiousness.

Dependent claims: 8, 9, 10, 11, 12
13. An apparatus for classifying a message, the apparatus comprising:
- a network interface that receives a message over a computer network interface; and
- a processor that executes instructions out of memory to;
  - perform a first test on content associated with the received message;
  - assign an infectiousness probability to the received message based on the first test,
  - compare the assigned infectiousness probability to a plurality of thresholds,
  - classify the received message based on the assigned infectiousness probability being above a legitimate threshold and below an infectious threshold,
  - perform a second test on the content associated with the received message,
  - update the infectiousness probability of the received message based on the second test,
  - compare the updated infectiousness probability to the thresholds,
  - re-classify the message as infectious based on the updated infectiousness probability meeting the infectious threshold, and
  - perform an action based on the reclassification of the message, wherein the action includes preventing the message from being delivered to a recipient of the message when the reclassification indicates infectiousness.

Dependent claims: 14, 15, 16, 17
Specification