Reputation-based method and system for determining a likelihood that a message is undesired
Abstract
A system and method for providing a reputation service for use in messaging environments employs a reputation of compiled statistics, representing whether SPAM messages have previously been received from respective ones of a selected set of identifiers for the origin of the message, in a decision making process for newly received messages. In a preferred embodiment, the set of identifiers includes the IP address, a tuple of the domain and IP address, and a tuple of the user and IP address. The set of identifiers allows for a relatively fine-grained set of reputation metrics to be compiled and used when making a determination of a likelihood as to whether a received message is undesired in accordance with the invention.
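The scoring described in the abstract and claims can be sketched as follows. This is an added example, not code from the patent: the spam-fraction metric, the weight values, the handling thresholds and all function names are assumptions; the only property taken from the claims is that a finer-grained tuple contributes more to the value than a coarser one.

```python
from collections import defaultdict

# Assumed values: the claims only require finer granularity to weigh more.
WEIGHTS = {"user_ip": 0.5, "domain_ip": 0.3, "ip": 0.2}
REJECT_AT, QUARANTINE_AT = 0.7, 0.4  # assumed handling thresholds

def tuples_for(sender, ip):
    """Identifiers for a message origin, finest granularity first."""
    domain = sender.lower().rpartition("@")[2]
    return {"user_ip": (sender.lower(), ip), "domain_ip": (domain, ip), "ip": (ip,)}

class ReputationEngine:
    def __init__(self):
        self.stats = defaultdict(lambda: [0, 0])  # identifier -> [spam, total]

    def record(self, sender, ip, is_spam):
        """Update the compiled statistics for every identifier of a classified message."""
        for ident in tuples_for(sender, ip).values():
            self.stats[ident][0] += int(is_spam)
            self.stats[ident][1] += 1

    def metric(self, ident):
        """Fraction of past messages from this identifier that were spam, or None."""
        spam, total = self.stats.get(ident, (0, 0))
        return spam / total if total else None

def likelihood(engine, sender, ip):
    """Weighted mean of available metrics; weights are renormalised if one is missing."""
    num = den = 0.0
    for level, ident in tuples_for(sender, ip).items():
        m = engine.metric(ident)
        if m is not None:
            num += WEIGHTS[level] * m
            den += WEIGHTS[level]
    return num / den if den else None

def handle(value):
    if value is None:
        return "deliver"  # assumption: no history means no reputation penalty
    if value >= REJECT_AT:
        return "reject"
    return "quarantine" if value >= QUARANTINE_AT else "deliver"

def demo_engine():
    """Constructed history: two users share one domain and one IP address."""
    e = ReputationEngine()
    for _ in range(20):
        e.record("bulk@example.com", "203.0.113.7", True)
        e.record("alice@example.com", "203.0.113.7", False)
    return e
```

With the constructed history, the IP and domain/IP metrics are identical for both senders, so only the user/IP tuple separates the abusive account from the clean one on the shared address.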
13 Claims
1. A system, comprising:
- a computing device having a processor and memory, the computing device including a security appliance configured to:
receive, from a reputation engine, a first reputation metric corresponding to a first tuple of a plurality of tuples, the first tuple comprising a user identifier and an Internet Protocol (IP) address for an origin of a message and associated with a first level of granularity for identification of the origin of the message;
receive, from the reputation engine, a second reputation metric corresponding to a second tuple of the plurality of tuples, the second tuple comprising a domain and the IP address for the origin of the message and associated with a second level of granularity for identification of the origin of the message; and
calculate a value indicative of a likelihood that the message is undesired by use of the first reputation metric corresponding to the first tuple associated with the first level of granularity and the second reputation metric corresponding to the second tuple associated with the second level of granularity; and
handling the message in accordance with the value indicative of the likelihood that the message is undesired;
wherein the reputation engine is configured to determine the first reputation metric and the second reputation metric in response to receiving the plurality of tuples associated with the message; and
wherein a reputation metric associated with a tuple assigned a finer granularity contributes to the value more than a reputation metric associated with a tuple assigned a lower granularity.
(Dependent claims: 2, 3)

4. An apparatus, comprising:
- a processor; and
- a non-transitory computer-readable medium storing instructions that when executed cause the processor to:
receive, from a reputation engine, a first reputation metric corresponding to a first tuple of a plurality of tuples, the first tuple comprising a user identifier and an Internet Protocol (IP) address for an origin of a message and associated with a first level of granularity for identification of the origin of the message;
receive, from the reputation engine, a second reputation metric corresponding to a second tuple of the plurality of tuples, the second tuple comprising a domain and the IP address for the origin of the message and associated with a second level of granularity for identification of the origin of the message; and
calculate a value indicative of a likelihood that the message is undesired using the first reputation metric corresponding to the first tuple associated with the first level of granularity and the second reputation metric corresponding to the second tuple associated with the second level of granularity;
wherein a reputation metric associated with a tuple assigned a finer granularity contributes to the value more than a reputation metric associated with a tuple assigned a lower granularity.
(Dependent claims: 5, 6, 7)

8. A computer program product comprising a non-transitory computer-readable storage medium storing program code executable to perform operations, comprising:
- determining a first tuple of a plurality of tuples, the first tuple comprising a user identifier and an Internet Protocol (IP) address for a message and associated with a first level of granularity for identification of the message;
- determining a second tuple of the plurality of tuples, the second tuple comprising a domain and the IP address for the message and associated with a second level of granularity for identification of the message;
- determining a first reputation metric corresponding to the first tuple;
- determining a second reputation metric corresponding to the second tuple; and
- calculating a value indicative of a likelihood that the message is undesired using the first reputation metric corresponding to the first tuple associated with the first level of granularity and the second reputation metric corresponding to the second tuple associated with the second level of granularity;
wherein a reputation metric associated with a tuple assigned a finer granularity contributes to the value more than a reputation metric associated with a tuple assigned a lower granularity.
(Dependent claims: 9, 10, 11, 12, 13)

Specification