Probabilistic email intrusion identification methods and systems

US 20050071432A1
Filed: 09/28/2004
Published: 03/31/2005
Est. Priority Date: 09/29/2003
Status: Abandoned Application

First Claim

Patent Images

1. A computerized method for identifying email intrusions comprising:

performing a plurality of tests for determining if an email message is an email intrusion on at least one email message, each of the plurality of tests having a detection accuracy probability associated therewith;

computing an overall detection accuracy probability based at least in part on the product of the detection accuracy probabilities associated with each of the tests performed; and

disposing of an email message determined to be an email intrusion based at least in part on the computed overall detection accuracy probability in accordance with one of a plurality of possible dispositions for the email message.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides computerized methods and systems for identifying email intrusion that includes the steps of performing a plurality of tests for determining if an email message is an email intrusion on at least one email message, each of the plurality of tests having a detection accuracy probability associated therewith, computing an overall detection accuracy probability based at least in part on the product of the detection accuracy probabilities associated with each of the tests; and disposing an email message determined to be an email intrusion based on the computed overall probability in accordance with one of a plurality of possible disposition for the email message.

73 Citations

View as Search Results

20 Claims

1. A computerized method for identifying email intrusions comprising:
- performing a plurality of tests for determining if an email message is an email intrusion on at least one email message, each of the plurality of tests having a detection accuracy probability associated therewith;
  
  computing an overall detection accuracy probability based at least in part on the product of the detection accuracy probabilities associated with each of the tests performed; and
  
  disposing of an email message determined to be an email intrusion based at least in part on the computed overall detection accuracy probability in accordance with one of a plurality of possible dispositions for the email message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, comprising determining an email system load and bypassing at least one of the plurality of tests for determining if an email message is an email intrusion based on the detection accuracy probability associated with the test being bypassed and the email system load.
  - 3. The method of claim 1, comprising computing a computational cost of performing at least one test for determining if an email message is an email intrusion and bypassing at least one test of the plurality of tests based on the computational cost and the detection accuracy probability of the bypassed test.
  - 4. The method of claim 1, comprising bypassing at least one test of the plurality of tests having a marginal benefit to the overall detection accuracy probability in relation to one of a computational cost for performing the test and a load on an email system for performing the test.
  - 5. The method of claim 1, comprising computing an expected cost for disposing of an email intrusion for each of the plurality of possible dispositions, wherein a disposition for a specific email suspected to be an email intrusion is selected based on the expected costs of disposing an email intrusion.
  - 6. The method of claim 5, wherein the expected cost of disposing an email intrusion is based at least in part on the overall detection accuracy probability.
  - 7. The method of claim 5, comprising disposing the email message determined to be an email intrusion based on the expected cost of each of the plurality of possible dispositions for the email message.
  - 8. The method of claim 7, wherein the plurality of possible dispositions comprises delivering, deleting, quarantining, and labeling the email message.
  - 9. The method of claim 5, wherein the expected cost of each of the plurality of possible dispositions is determined on at least one of a user specific and a test specific basis.
  - 10. The method of claim 5, comprising applying an optimal mixed strategy from mathematical game theory to a matrix of the costs associated with the plurality of possible dispositions to select a predicted most favorable disposition for each specific email message either deterministically or randomly based on a computation of the strategy, and disposing of the message accordingly.
  - 11. The method of claim 5, wherein the disposition is selected based on some probability-valued function over possible resulting vectors of expected costs or payoffs.
  - 12. The method of claim 1, wherein the detection accuracy for each of the plurality of tests is based at least in part on a user specific measured accuracy.
  - 13. The method of claim 1, wherein the plurality of tests are performed in a declining numerical order based on the detection accuracy probability of each test, the method further comprising bypassing tests having detection accuracy probabilities that do not exceed a detection accuracy threshold.
  - 14. The method of claim 1, comprising assigning a reliability score to an email message identified as an email intrusion.
  - 15. The method of claim 14, comprising one of delivering, deleting, and quarantining an email message identified as an email intrusion based on a user defined domain specific reliability threshold.

16. A computerized method for identifying email intrusions comprising:
- determining a detection accuracy probability vector for an email message;
  
  determining a relative cost matrix representing a cost of each of a plurality of possible dispositions for the email message;
  
  computing an expected cost for each possible disposition based on the detection accuracy vector and the relative cost matrix; and
  
  disposing of the email message based on the expected cost of the disposition.

17. A computerized method for testing email messages comprising:
- determining an email system load; and
  
  bypassing at least one of a plurality of tests for determining if an email message is an email intrusion based on the detection accuracy probability associated with the test being bypassed and the email system load.

18. A computerized method for testing email messages comprising:
- determining an email system load;
  
  computing a computational cost of performing at least one test of a plurality of tests for determining if an email message is an email intrusion;
  
  and bypassing at least one test of the plurality of tests based on the computational cost and a detection accuracy probability of the bypassed test.

19. A computerized method for identifying email intrusions comprising:
- performing on at least one email message at least one of a plurality of tests for determining if the email message is an email intrusion, each of the plurality of tests having a detection accuracy probability associated therewith;
  
  determining an expected cost associated with each of a plurality of dispositions for the email message based on the detection accuracy probability associated with the at least one of a plurality of tests; and
  
  disposing of the email message based on the expected cost of disposing the email message.
- View Dependent Claims (20)
- - 20. The method of claim 19 comprising performing a plurality of the tests for determining if the email message is an email intrusion and computing an overall detection accuracy probability based at least in part on the product of the detection accuracy probabilities associated with each of the tests performed, wherein the expected cost associated with each of the plurality of dispositions for the email message is based on the computed overall detection accuracy probability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Clifton W. Royston III
Original Assignee
Clifton W. Royston III
Inventors
Royston, Clifton W. III

Application Number

US10/951,353
Publication Number

US 20050071432A1
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 51/212   using filtering or selectiv...

H04L 63/0245   Filtering by information in...

H04L 63/145   the attack involving the pr...

Probabilistic email intrusion identification methods and systems

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Probabilistic email intrusion identification methods and systems

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links