Systems and methods of detecting email-based attacks through machine learning
First Claim
1. A system comprising:
   at least one processor; and
   at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to:
      receive an email addressed to a user;
      separate the email into a plurality of email components, the email components comprising a first link;
      analyze, using machine-learning techniques, each of the plurality of email components, by:
         virtually navigating to an end-point of the first link;
         tracking re-routing by the first link between a starting point and the end-point;
         receiving an automatic download triggered by the virtual navigation;
         isolating the automatic download;
         analyzing the automatic download; and
         analyzing a content of the end-point; and
      provide the analysis of each of the plurality of email components into a stacked ensemble analyzer; and
      based on an output of the stacked ensemble analyzer, determine that the email is potentially malicious.
Abstract
A system including at least one processor; and at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive an email addressed to a user; separate the email into a plurality of email components; analyze, using respective machine-learning techniques, each of the plurality of email components; feed the analysis of each of the plurality of email components into a stacked ensemble analyzer; and based on an output of the stacked ensemble analyzer, determine whether the email is malicious.
Claims (19 in total)
1. Independent claim, reproduced in full under First Claim above. Dependent claims: 2 through 11.
12. A system comprising:
   at least one processor; and
   at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to:
      receive an email addressed to a user;
      separate the email into a plurality of email components;
      analyze each of the plurality of email components using machine-learning techniques;
      provide the analysis of each of the plurality of email components into a stacked ensemble analyzer;
      determine that the email is potentially malicious based on an output of the stacked ensemble analyzer;
      output, to a systems operations console, the email;
      receive, from the systems operations console, an external indication that the email is malicious; and
      update the machine-learning techniques, based on the comparison of the external indication from the systems operations console and the determination that the email is potentially malicious from the ensemble analyzer, by:
         updating a training corpus of emails to include the email; and
         incrementally retraining the machine-learning techniques based on the updated training corpus.
   Dependent claims: 13, 14, 15.
16. A system comprising:
   at least one processor; and
   at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to:
      receive an email addressed to a user;
      separate the email into a plurality of email components;
      analyze each of the plurality of email components, using machine-learning techniques;
      provide the analysis of each of the plurality of email components into a stacked ensemble analyzer;
      determine that the email is malicious, based on an output of the stacked ensemble analyzer;
      generate a sanitized version of the malicious email, based on the determination that the email is malicious; and
      replace, within a user account of the user, a copy of the malicious email with the generated sanitized version of the email.
   Dependent claims: 17, 18, 19.
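As an added illustration of the pipeline in claims 1 and 12 (example code written for this page, not from the patent or any product): it separates a message into components, scores each component with a stand-in analyzer, fits a logistic-regression meta-learner as the stacked ensemble, and retrains after an operations-console verdict is added to the corpus. The cue words, the bare-IP-host rule, the score values and the sample corpus are constructed assumptions, not anything the patent specifies.

```python
import math, re
from email import message_from_string
URL_RE = re.compile(r"https?://[^\s<>\"]+")
IP_HOST_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}")
CUES = ("urgent", "verify", "suspended", "password")  # constructed cue list

def separate(raw):
    """Claim 1: split a raw RFC 822 message into its components."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    return {"sender": msg.get("From", ""), "subject": msg.get("Subject", ""),
            "body": body, "links": URL_RE.findall(body)}

def base_scores(parts):
    """Per-component analyzers (heuristics standing in for trained models)."""
    subj = min(1.0, sum(c in parts["subject"].lower() for c in CUES) / 2)
    body = sum(c in parts["body"].lower() for c in CUES) / len(CUES)
    links = 0.0 if not parts["links"] else (   # bare IP hosts score highest
        0.9 if any(IP_HOST_RE.match(l) for l in parts["links"]) else 0.4)
    return [subj, body, links]

def _sigmoid(model, x):
    w, b = model
    return 1 / (1 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))

def train_meta(corpus, epochs=300, lr=0.5):
    """Stacked ensemble: logistic-regression meta-learner over base scores."""
    w, b = [0.0] * 3, 0.0
    rows = [(base_scores(separate(raw)), y) for raw, y in corpus]
    for _ in range(epochs):
        for x, y in rows:                # y = 1 means malicious
            err = _sigmoid((w, b), x) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x)]
            b -= lr * err
    return w, b

def predict(model, raw):
    return _sigmoid(model, base_scores(separate(raw)))  # P(malicious)

def console_feedback(corpus, raw, analyst_label):
    """Claim 12: add the analyst's verdict to the corpus and retrain."""
    corpus.append((raw, analyst_label))
    return train_meta(corpus)
# Constructed sample corpus (not from the patent); 1 = malicious.
CORPUS = [
    ("From: pat@example.org\nSubject: lunch?\n\nSee you at noon.", 0),
    ("From: news@example.org\nSubject: weekly digest\n\nhttps://example.org/news", 0),
    ("From: it-desk\nSubject: URGENT: verify account\n\nSuspended: http://203.0.113.9/a", 1),
    ("From: hr@example.net\nSubject: password expires\n\nhttp://198.51.100.7/reset", 1),
]
```

A real deployment would replace the heuristic scorers with the separately trained per-component models the claims describe, and would include the virtual-navigation and download-isolation results as further inputs to the meta-learner.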