Detection of email spoofing and spear phishing attacks
First Claim
1. A computer-implemented method of detecting an email spear phishing attack, comprising:
generating a contact model of a sender of emails;
determining, by a hardware processor, a statistical dispersion of the generated contact model, the statistical dispersion of the contact model being indicative of a spread of a distribution of data in the generated model;
receiving, over a computer network, an email from the sender;
when the determined statistical dispersion is lower than a dispersion threshold;
evaluating the received email in the processor against a plurality of conditions associated with spear phishing attacks to generate a features vector, the features vector comprising a plurality of binary values and a plurality of dispersion values between 0 and 1;
using at least the generated features vector and the generated contact model to classify the received email as a likely legitimate email or as a likely malicious email spear phishing attack; and
notifying a recipient of the email when the received email is classified as a likely malicious email spear phishing attack.
Abstract
A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender. If the determined statistical dispersion is lower than a dispersion threshold, the received email may be evaluated in the processor against a plurality of conditions associated with email spoofing and spear phishing attacks, using the generated contact model, to generate a features vector that is constituted of a plurality of binary values and a plurality of dispersion values between 0 and 1, and using at least the generated features vector to classify with a supervised learning algorithm the received email as a likely legitimate email or as a likely malicious email spear phishing attack; and notifying a recipient of the email when the received email is classified as a likely malicious email spear phishing attack.
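The gating-and-classification flow described in the abstract, as an added illustration that is not taken from the patent. The dispersion measure (normalized Shannon entropy), the three header fields in the contact model, both threshold values and the fixed-weight scorer standing in for the supervised classifier are all assumptions.

```python
import math
from collections import Counter

FIELDS = ("return_path_domain", "mailer", "display_name")  # assumed model fields
DISPERSION_THRESHOLD = 0.5   # assumed; the page gives no value
SCORE_THRESHOLD = 0.4        # assumed decision boundary

def dispersion(counter):
    """Normalized Shannon entropy in [0, 1]; 0 means a single value only."""
    n, k = sum(counter.values()), len(counter)
    if k < 2:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in counter.values())
    return h / math.log2(k)

def build_contact_model(history):
    """Per-field value counts over the sender's previously seen emails."""
    return {f: Counter(msg[f] for msg in history) for f in FIELDS}

def model_dispersion(model):
    return sum(dispersion(model[f]) for f in FIELDS) / len(FIELDS)

def features_vector(email, model):
    """Per field: a binary 'value never seen' flag, then the field's dispersion."""
    vec = []
    for f in FIELDS:
        vec.append(0 if email[f] in model[f] else 1)
        vec.append(dispersion(model[f]))
    return vec

def classify(vec):
    """Stand-in for a trained classifier: unseen values on stable fields score high."""
    pairs = zip(vec[0::2], vec[1::2])
    score = sum(flag * (1.0 - disp) for flag, disp in pairs) / len(FIELDS)
    return "malicious" if score > SCORE_THRESHOLD else "legitimate"

def detect(history, email):
    model = build_contact_model(history)
    if model_dispersion(model) >= DISPERSION_THRESHOLD:
        return "not_evaluated"   # model too spread out to judge deviations
    return classify(features_vector(email, model))

# Constructed sample data: nine emails from one client, one from another.
STABLE = [{"return_path_domain": "example.com", "mailer": "Outlook 16",
           "display_name": "Ann Lee"}] * 9 + [
          {"return_path_domain": "example.com", "mailer": "iPhone Mail",
           "display_name": "Ann Lee"}]
SPOOF = {"return_path_domain": "examp1e.test", "mailer": "PHPMailer",
         "display_name": "Ann Lee"}
```

With the constructed history, `detect(STABLE, SPOOF)` returns `"malicious"`, while a sender whose history varies on every field is skipped as `"not_evaluated"` because the model gives no stable baseline to deviate from.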
20 Claims
10. A computing device comprising:
at least one processor;
at least one data storage device coupled to the at least one processor;
a network interface coupled to the at least one processor and to a computer network;
a plurality of processes spawned by said at least one processor, the processes including processing logic for:
generating a contact model of a sender of emails;
determining, by a hardware processor, a statistical dispersion of the generated contact model, the statistical dispersion of the contact model being indicative of a spread of a distribution of data in the generated model;
receiving, over a computer network, an email from the sender;
when the determined statistical dispersion is lower than a dispersion threshold;
evaluating the received email in the processor against a plurality of conditions associated with spear phishing attacks to generate a features vector, the features vector comprising a plurality of binary values and a plurality of dispersion values between 0 and 1;
using at least the generated features vector and the generated contact model to classify the received email as a likely legitimate email or as a likely malicious email spear phishing attack; and
notifying a recipient of the email when the received email is classified as a likely malicious email spear phishing attack.
Specification