Social Engineering Protection Appliance
First Claim
1. A computer-implemented method of analyzing incoming emails, the method comprising:
- extracting one or more non-semantic data items from an incoming email;
determining whether one or more of the non-semantic data items match information stored in a data store of previously collected information;
performing behavioral analysis on one or more of the non-semantic data items;
analyzing semantic data associated with the incoming email to determine whether the semantic data matches one or more patterns associated with malicious emails; and
based on the determining, performing, and analyzing, identifying the incoming email as potentially malicious or non-malicious.
10 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for detecting social engineering attacks comprise: extracting one or more non-semantic data items from an incoming email; determining whether the one or more non-semantic data items match information stored in a data store of previously collected information; performing behavioral analysis on the one or more non-semantic data items; analyzing semantic data associated with the email to determine whether the non-semantic data matches one or more patterns associated with malicious emails; and based on the determining, performing, and analyzing, identifying the email as potentially malicious or non-malicious. The system also includes processes for collecting relevant information for storage within the data store and processes for harvesting information from detected social engineering attacks for entry into the data store and seeding of the collection processes.
191 Citations
20 Claims
-
1. A computer-implemented method of analyzing incoming emails, the method comprising:
-
extracting one or more non-semantic data items from an incoming email; determining whether one or more of the non-semantic data items match information stored in a data store of previously collected information; performing behavioral analysis on one or more of the non-semantic data items; analyzing semantic data associated with the incoming email to determine whether the semantic data matches one or more patterns associated with malicious emails; and based on the determining, performing, and analyzing, identifying the incoming email as potentially malicious or non-malicious. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for analyzing incoming emails, the system comprising:
-
a processing system comprising one or more processors; and a memory system comprising one or more computer-readable media, wherein the computer-readable media store instructions that, when executed by the processing system, cause the system to perform the operations of; extracting one or more non-semantic data items from an incoming email; determining whether one or more of the non-semantic data items match information stored in a data store of previously collected information; performing behavioral analysis on one or more of the non-semantic data items; analyzing semantic data associated with the incoming email to determine whether the semantic data matches one or more patterns associated with malicious emails; and based on the determining, performing, and analyzing, identifying the email as potentially malicious or non-malicious. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification