SYSTEM AND METHODS FOR DETECTING MALICIOUS EMAIL TRANSMISSION
First Claim
1. A method for monitoring transmission of email through a computer system, said computer system comprising a server and one or more clients having an email account, the method comprising:
- (a) gathering statistics relating to the transmission behavior of email relating to a first email account on said computer system; and
(b) generating a profile relating to the transmission behavior of email relating to said first email account based on said statistics.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
-
Citations
23 Claims
-
1. A method for monitoring transmission of email through a computer system, said computer system comprising a server and one or more clients having an email account, the method comprising:
-
(a) gathering statistics relating to the transmission behavior of email relating to a first email account on said computer system; and (b) generating a profile relating to the transmission behavior of email relating to said first email account based on said statistics. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for monitoring transmission of email through a computer system, said computer system comprising a server and one or more clients having an email account, the method comprising:
-
(a) defining a model relating to prior transmission of email through said computer system derived from statistics relating to transmission behavior of prior emails transmitted through said computer system; (b) generating a baseline profile relating to the transmission behavior of email through said computer system; (c) gathering statistics relating to transmission behavior of selected email through said computer system; and (d) comparing said statistics relating to transmission behavior of selected email with said baseline profile. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
Specification