Probabilistic email intrusion identification methods and systems
First Claim
1. A computerized method for identifying email intrusions comprising:
- performing a plurality of tests for determining if an email message is an email intrusion on at least one email message, each of the plurality of tests having a detection accuracy probability associated therewith;
computing an overall detection accuracy probability based at least in part on the product of the detection accuracy probabilities associated with each of the tests performed; and
disposing of an email message determined to be an email intrusion based at least in part on the computed overall detection accuracy probability in accordance with one of a plurality of possible dispositions for the email message.
0 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides computerized methods and systems for identifying email intrusion that includes the steps of performing a plurality of tests for determining if an email message is an email intrusion on at least one email message, each of the plurality of tests having a detection accuracy probability associated therewith, computing an overall detection accuracy probability based at least in part on the product of the detection accuracy probabilities associated with each of the tests; and disposing an email message determined to be an email intrusion based on the computed overall probability in accordance with one of a plurality of possible disposition for the email message.
73 Citations
20 Claims
-
1. A computerized method for identifying email intrusions comprising:
-
performing a plurality of tests for determining if an email message is an email intrusion on at least one email message, each of the plurality of tests having a detection accuracy probability associated therewith;
computing an overall detection accuracy probability based at least in part on the product of the detection accuracy probabilities associated with each of the tests performed; and
disposing of an email message determined to be an email intrusion based at least in part on the computed overall detection accuracy probability in accordance with one of a plurality of possible dispositions for the email message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computerized method for identifying email intrusions comprising:
-
determining a detection accuracy probability vector for an email message;
determining a relative cost matrix representing a cost of each of a plurality of possible dispositions for the email message;
computing an expected cost for each possible disposition based on the detection accuracy vector and the relative cost matrix; and
disposing of the email message based on the expected cost of the disposition.
-
-
17. A computerized method for testing email messages comprising:
-
determining an email system load; and
bypassing at least one of a plurality of tests for determining if an email message is an email intrusion based on the detection accuracy probability associated with the test being bypassed and the email system load.
-
-
18. A computerized method for testing email messages comprising:
-
determining an email system load;
computing a computational cost of performing at least one test of a plurality of tests for determining if an email message is an email intrusion;
and bypassing at least one test of the plurality of tests based on the computational cost and a detection accuracy probability of the bypassed test.
-
-
19. A computerized method for identifying email intrusions comprising:
-
performing on at least one email message at least one of a plurality of tests for determining if the email message is an email intrusion, each of the plurality of tests having a detection accuracy probability associated therewith;
determining an expected cost associated with each of a plurality of dispositions for the email message based on the detection accuracy probability associated with the at least one of a plurality of tests; and
disposing of the email message based on the expected cost of disposing the email message. - View Dependent Claims (20)
-
Specification