Method and system for detecting malicious activity and virus outbreak in email

US 20040054742A1
Filed: 06/17/2003
Published: 03/18/2004
Est. Priority Date: 06/21/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for detecting presence of malicious activity within an email junction, comprising:

determining a threshold number of the acceptable email traffic intensity through said email junction;

monitoring the email traffic intensity in said email junction; and

indicating the presence of malicious activity within said email junction upon exceeding the monitored traffic intensity from said threshold.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for detecting the presence of malicious activity within an email junction in which a threshold number for the acceptable email traffic intensity through the email junction is determined, the email traffic intensity in the email junction is monitored, and the presence of malicious activity within the email junction is indicated upon detection of monitored email traffic intensity exceeding the threshold. The invention may also be implemented for other types of data, e.g., files, data packets, and so forth.

27 Citations

View as Search Results

15 Claims

1. A method for detecting presence of malicious activity within an email junction, comprising:
- determining a threshold number of the acceptable email traffic intensity through said email junction;
  
  monitoring the email traffic intensity in said email junction; and
  
  indicating the presence of malicious activity within said email junction upon exceeding the monitored traffic intensity from said threshold.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein said email junction is selected from the group comprising a gateway between two networks, an email server of an organization, and an email client.
  - 3. A method according to claim 1, wherein said email traffic intensity is selected from the group comprising the incoming email messages to said email junction per time unit, the outgoing email messages from said email junction per time unit, and any combination between the incoming email messages to said email junction and the outgoing email messages from said email junction per time unit.
  - 4. A method according to claim 1, wherein said threshold number is determined according to the normal behavior of said account in a given time.
  - 5. A method according to claim 1, further comprising postponing the transfer of email messages, until indicating that no malicious activity is carried out with respect to said email junction.
  - 6. A method according to claim 1, further comprising upon detecting presence of malicious activity within said email junction, performing an operation selected from the group comprising alerting about the presence of malicious activity within said email junction, suspending sending of email messages, aborting sending of email messages, and erasing at least one recently delivered email message from its corresponding email account.

7. A method for detecting presence of malicious activity within a data junction through which at least one data entity is passing, comprising:
- determining a threshold number of the acceptable data traffic intensity through said data junction;
  
  monitoring the data traffic intensity through said data junction; and
  
  indicating the presence of malicious activity within said data junction upon exceeding the monitored traffic intensity from said threshold.
- View Dependent Claims (8, 9)
- - 8. A method according to claim 7, wherein said at least one data entity is selected from the group comprising an email message, a file, and a data packet.
  - 9. A method according to claim 7, wherein said data junction is selected from the group comprising an email account, an email client, an email server, and the gateway between two networks.

10. A system for detecting presence of malicious activity within an email junction, comprising:
- means for storing a threshold number of the acceptable traffic intensity of said email junction;
  
  means for monitoring the email traffic intensity of said email junction;
  
  means for storing the monitored traffic intensity of said email junction; and
  
  means for detecting whether the traffic intensity of said email junction exceeds said threshold.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A system according to claim 10, wherein said means for storing a threshold number and said means for storing the monitored traffic intensity are accessible by said means for detecting whether the traffic intensity of said email junction exceeds said threshold number.
  - 12. A system according to claim 10, wherein said means for storing a threshold number is a memory component selected from a group comprising volatile and non-volatile memory.
  - 13. A system according to claim 10, further comprising means for performing operations selected from the group comprising alerting about the presence of malicious activity within said email junction, suspending sending of email messages, aborting sending of email messages, and erasing at least one recently delivered email message from its corresponding email account.
  - 14. A system according to claim 10, wherein said means for monitoring the email traffic is based on a combination of software and hardware technology.
  - 15. A system according to claim 10, wherein said means for detecting whether the traffic intensity of said email junction exceeds said threshold number is based on a combination of software and hardware technology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aladdin Knowledge Systems Incorporated (Thales SA)
Original Assignee
Aladdin Knowledge Systems Incorporated (Thales SA)
Inventors
Elzam, Ofer, Gruper, Shimon, Margalit, Yanki, Margalit, Dany

Application Number

US10/463,297
Publication Number

US 20040054742A1
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

H04L 51/234 for tracking messages

Method and system for detecting malicious activity and virus outbreak in email

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and system for detecting malicious activity and virus outbreak in email

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others