Defending against malicious electronic messages

US 10,333,950 B2
Filed: 05/01/2016
Issued: 06/25/2019
Est. Priority Date: 05/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for defending against malicious electronic messages, the method comprising:

analyzing a plurality of electronic messages, wherein each of the electronic messages is either of a) an electronic mail message and b) an instant message sent via a computer network, to identify a plurality of predefined risk elements, wherein the plurality of predefined risk elements include any ofa predefined suspicious word or phrase included in any of the plurality of electronic messages, anda computer network address included in any of the plurality of electronic messages;

detecting an attempt by a computer user to perform a computer-mediated action that is associated with any of the plurality of electronic messages, wherein the computer-mediated action includes either of a) sending information to the computer network address and b) retrieving information located at the computer network address;

assigning a predefined risk value to each of the plurality of predefined risk elements;

determining a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages, wherein the plurality of electronic messages are sent by a common sender or sent by multiple senders regarding a common topic;

identifying a potential security risk associated with any of the plurality of electronic messages and the computer-mediated action if the total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages meets or exceeds a predefined threshold value; and

performing a predefined preventive security action responsive to identifying the potential security risk.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Defending against malicious electronic messages by analyzing electronic messages sent via a computer network to identify predefined risk elements found within the electronic messages, detecting attempts to perform computer-mediated actions that are associated with the electronic messages, identifying a potential security risk associated with the electronic messages and the computer-mediated actions, and performing a predefined preventive security action responsive to identifying the potential security risk.

Citations

7 Claims

1. A computer-implemented method for defending against malicious electronic messages, the method comprising:
- analyzing a plurality of electronic messages, wherein each of the electronic messages is either of a) an electronic mail message and b) an instant message sent via a computer network, to identify a plurality of predefined risk elements, wherein the plurality of predefined risk elements include any ofa predefined suspicious word or phrase included in any of the plurality of electronic messages, anda computer network address included in any of the plurality of electronic messages;
  
  detecting an attempt by a computer user to perform a computer-mediated action that is associated with any of the plurality of electronic messages, wherein the computer-mediated action includes either of a) sending information to the computer network address and b) retrieving information located at the computer network address;
  
  assigning a predefined risk value to each of the plurality of predefined risk elements;
  
  determining a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages, wherein the plurality of electronic messages are sent by a common sender or sent by multiple senders regarding a common topic;
  
  identifying a potential security risk associated with any of the plurality of electronic messages and the computer-mediated action if the total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages meets or exceeds a predefined threshold value; and
  
  performing a predefined preventive security action responsive to identifying the potential security risk.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1 wherein the detecting comprises detecting wherein the computer-mediated action comprises accessing an electronic document from at least one computer network address indicated by any of the plurality of electronic messages.
  - 3. The method according to claim 1 wherein the performing comprises prompting the computer user to selectably allow the computer-mediated action to be performed or prevent the computer-mediated action from being performed.

4. A system for defending against malicious electronic messages, the system comprising:
- an electronic message activity monitor configured toanalyze a plurality of electronic messages, wherein each of the electronic messages is either of a) an electronic mail message and b) an instant message sent via a computer network, to identify a plurality of predefined risk elements, wherein the plurality of predefined risk elements include any ofa predefined suspicious word or phrase included in any of the plurality of electronic messages, anda computer network address included in any of the plurality of electronic messages, anddetect an attempt by a computer user to perform a computer-mediated action that is associated with any of the plurality of electronic messages, wherein the computer-mediated action includes either of a) sending information to the computer network address and b) retrieving information located at the computer network address; and
  
  a security manager configured toassign a predefined risk value to each of the plurality of predefined risk elements,determine a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages, wherein the plurality of electronic messages are sent by a common sender or sent by multiple senders regarding a common topic,identify a potential security risk associated with any of the plurality of electronic messages and the computer-mediated action if a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages meets or exceeds a predefined threshold value, andperform a predefined preventive security action responsive to identifying the potential security risk.
- View Dependent Claims (5, 6)
- - 5. The system according to claim 4 wherein the computer-mediated action comprises accessing an electronic document from at least one computer network address indicated by any of the plurality of electronic messages.
  - 6. The system according to claim 4 wherein the preventive security action comprises prompting the computer user to selectably allow the computer-mediated action to be performed or prevent the computer-mediated action from being performed.

7. A computer program product for defending against malicious electronic messages, the computer program product comprising:
- a non-transitory, computer-readable storage medium; and
  
  computer-readable program code embodied in the storage medium, wherein the computer-readable program code is configured toanalyze a plurality of electronic messages, wherein each of the electronic messages is either of a) an electronic mail message and b) an instant message sent via a computer network, to identify a plurality of predefined risk elements, wherein the plurality of predefined risk elements include any ofa predefined suspicious word or phrase included in any of the plurality of electronic messages, anda computer network address included in any of the plurality of electronic messages,detect an attempt by a computer user to perform a computer-mediated action that is associated with any of the plurality of electronic messages, wherein the computer-mediated action includes either of a) sending information to the computer network address and b) retrieving information located at the computer network address,determine a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages, wherein the plurality of electronic messages are sent by a common sender or sent by multiple senders regarding a common topic,assign a predefined risk value to each of the plurality of predefined risk elements,identify a potential security risk associated with any of the plurality of electronic messages and the computer-mediated action if a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages meets or exceeds a predefined threshold value, andperform a predefined preventive security action responsive to identifying the potential security risk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shehory, Onn
Primary Examiner(s)
Perungavoor, Venkat

Application Number

US15/143,588
Publication Number

US 20170318038A1
Time in Patent Office

1,150 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Defending against malicious electronic messages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Defending against malicious electronic messages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links