Systems and Methods For Message Threat Management
14 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed to systems and methods for detecting unsolicited and threatening communications and communicating threat information related thereto. Threat information is received from one or more sources; such sources can include external security databases and threat information data from one or more application and/or network layer security systems. The received threat information is reduced into a canonical term. Features are extracted from the reduced threat information; these features in conjuntion with configuration data such as goals are used to produce rules. In some embodiments, these rules are tested against one or more sets of test data and compared against the same or different goals; if one or more tests fail, the rules are refined until the tests succeed within an acceptable margin of error. The rules are then propagated to one or more application layer security systems.
269 Citations
62 Claims
-
1-38. -38. (canceled)
-
39. A method for operation upon one or more data processors to assign a reputation to a messaging entity, comprising:
-
receiving data that identifies one or more characteristics related to a messaging entity'"'"'s communication;
determining a reputation score associated with the received communication based upon the identification data;
wherein the determined reputation score is indicative of reputation of the messaging entity;
wherein the determined reputation score is used in deciding what action is to be taken with respect to communication associated with the messaging entity. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
-
-
50. A method of performing transmission filtering utilizing reputation scores of transmission sender, the method comprising:
-
identifying at least one characteristic about a transmission from a sender;
performing a real-time query to a reputation system that includes the transmission characteristic;
receiving a score representing reputation related to the transmission;
performing an action on the transmission from the sender corresponding to the score range of the sender'"'"'s reputation. - View Dependent Claims (51, 52, 53, 54)
-
-
55. A method of performing filtering of groups of transmissions utilizing reputation scores of senders of transmissions, the method comprising:
-
grouping multiple transmissions together based on content similarities or similarities in transmission sender behavior;
identifying at least one characteristic about each transmission in the groupings;
performing a query to the reputation system and receiving a score representing reputation of each sender;
classifying groups of transmissions based on the percentage of reputable and non-reputable senders in the group. - View Dependent Claims (56, 57)
-
-
58. A method of performing tuning and training of filtering systems utilizing reputation scores of senders of transmissions in sets of trainable transmissions, the method comprising:
-
identifying at least one characteristic about transmissions from senders;
performing queries to a reputation system and receiving scores representing reputations of the senders;
classifying transmissions into multiple categories based on a range a sender'"'"'s reputation score falls into;
passing on transmissions and their classification categories to a trainer of another filtering system to be used for optimization of the filtering system. - View Dependent Claims (59, 60)
-
-
61. An article of manufacture comprising a digital signal for transmission using a network;
-
wherein the digital signal includes a query to a reputation process;
wherein the reputation process assigns a reputation to a messaging entity by receiving the query containing data related to a messaging entity'"'"'s identity;
wherein the identity data is used by the reputation process to determine reputation indicative probabilities;
wherein a reputation indicative probability indicates reputability of a messaging entity based upon extent to which the messaging entity exhibits or conforms to a reputation-related criterion;
wherein a reputation score is determined based upon aggregation of the determined probabilities;
wherein the determined reputation score is indicative of reputation of the messaging entity;
wherein the determined reputation score is used in deciding what action is to be taken with respect to a communication associated with the messaging entity. - View Dependent Claims (62)
-
Specification