Analyzing traffic patterns to detect infectious messages
Abstract
Managing electronic messages comprises receiving a message, forwarding the message, determining that the forwarded message is infectious after the message has been forwarded and preventing the infectious forwarded message from spreading.
30 Claims
1-20. (canceled)
21. A method of detecting a malicious message in a stream of incoming messages, the method comprising:
creating a message identifier associated with an incoming message at a time of receipt of the incoming message;
calculating a probability that the incoming message is malicious;
calculating a traffic pattern variable associated with traffic on a network at the time of receipt of the message;
establishing a traffic pattern for the stream of incoming messages, the traffic pattern describing a variation over time of a plurality of message identifiers, probabilities that incoming messages are malicious, and associated traffic pattern variables;
monitoring the traffic pattern to establish a threshold, the threshold describing a range of expected variation of the traffic pattern; and
detecting a variation in the traffic pattern in excess of the established threshold, wherein the variation is indicative of a malicious message in the stream of incoming messages.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29
30. A computer-readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method of detecting a malicious message in a stream of incoming messages, the method comprising:
creating a message identifier associated with an incoming message at a time of receipt of the incoming message;
calculating a probability that the incoming message is malicious;
calculating a traffic pattern variable associated with traffic on a network at the time of receipt of the message;
establishing a traffic pattern for the stream of incoming messages, the traffic pattern describing a variation over time of a plurality of message identifiers, probabilities that incoming messages are malicious, and associated traffic pattern variables;
monitoring the traffic pattern to establish a threshold, the threshold describing a range of expected variation of the traffic pattern; and
detecting a variation in the traffic pattern in excess of the established threshold, wherein the variation is indicative of a malicious message in the stream of incoming messages.
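One way the steps recited in claims 21 and 30 could fit together, as an added example rather than code from the patent or its assignee. The truncated SHA-256 identifier, the per-message probability supplied by an upstream scorer, the probability-weighted per-window volume used as the traffic pattern variable, and the mean-plus-K-deviations threshold are all assumptions; the claims do not specify them.

```python
import hashlib
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 60    # seconds per traffic window (assumed)
BASELINE = 5   # trailing windows that define expected variation (assumed)
K = 3.0        # tolerated deviations above the baseline mean (assumed)
FLOOR = 0.1    # minimum deviation, so a flat baseline does not alert on noise

def message_id(payload: bytes) -> str:
    """Identifier created at receipt; a truncated SHA-256 is an assumption."""
    return hashlib.sha256(payload).hexdigest()[:16]

def traffic_pattern(messages):
    """Per window and identifier, sum the malicious probabilities seen."""
    windows = defaultdict(lambda: defaultdict(float))
    for ts, payload, p_malicious in messages:
        windows[ts // WINDOW][message_id(payload)] += p_malicious
    return windows

def detect(messages):
    """Return (window, identifier, value, threshold) for each excursion."""
    windows = traffic_pattern(messages)
    if not windows:
        return []
    history, alerts = [], []
    for w in range(min(windows), max(windows) + 1):
        # Traffic pattern variable: heaviest single identifier in this window.
        peak_id, peak = max(windows.get(w, {}).items(),
                            key=lambda kv: kv[1], default=(None, 0.0))
        if len(history) >= BASELINE:
            base = history[-BASELINE:]
            threshold = mean(base) + K * max(pstdev(base), FLOOR)
            if peak > threshold:
                alerts.append((w, peak_id, round(peak, 2), round(threshold, 2)))
                continue  # keep the outlier out of the learned baseline
        history.append(peak)
    return alerts

def sample_stream():
    """Constructed input: six quiet windows, then one payload sent 12 times."""
    quiet = [(w * WINDOW + i, f"newsletter {w}-{i}".encode(), 0.05)
             for w in range(6) for i in range(3)]
    burst = [(6 * WINDOW + i, b"invoice.zip (constructed)", 0.4)
             for i in range(12)]
    return quiet + burst

if __name__ == "__main__":
    print(detect(sample_stream()))
```

Each message in the burst scores only 0.4 on its own; the alert comes from the same identifier accumulating within one window, not from any single message's probability.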
Specification