TECHNIQUE FOR DETECTING SUSPICIOUS ELECTRONIC MESSAGES
First Claim
1. A method of detecting suspicious electronic messages, wherein the method is performed in a messaging server which is in communication with a plurality of message senders and a plurality of message receivers, wherein the method comprises the steps of:
- receiving electronic messages sent from the plurality of message senders to at least one message receiver;
extracting from each received message at least one message sender feature AF and at least one message content feature CF;
recording the extracted at least one message sender features AF and at least one message content features CF in a database;
determining, on the basis of the message content features CFs recorded in the database, whether a specific content feature that can be associated with a current message has already been recorded in the past;
if the specific content feature has already been recorded in the past, determining, on the basis of the message sender features AFs recorded in the database, a number N of message senders that can be associated with the specific content feature; and
classifying the current message as suspicious if the determined number N of message senders that can be associated with the specific content feature exceeds a predetermined threshold value N1.
1 Assignment
0 Petitions
Accused Products
Abstract
The disclosure relates to a method of detecting suspicious electronic messages. The method is performed in a messaging server which is in communication with a plurality of message senders and a plurality of message receivers, and comprises the steps of: receiving electronic messages sent from the plurality of message senders to at least one message receiver; extracting from each received message at least one message sender feature and at least one message content feature; recording the extracted message sender features and message content features in a database; determining, on the basis of the message content features recorded in the database, whether a specific content feature that can be associated with a current message has already been recorded in the past; if the specific content feature has already been recorded in the past, determining, on the basis of the message sender features recorded in the database, a number of message senders that can be associated with the specific content feature; and classifying the current message as suspicious if the determined number of message senders that can be associated with the specific content feature exceeds a predetermined threshold value. Also disclosed is a messaging server implementing the above described method.
-
Citations
17 Claims
-
1. A method of detecting suspicious electronic messages, wherein the method is performed in a messaging server which is in communication with a plurality of message senders and a plurality of message receivers, wherein the method comprises the steps of:
-
receiving electronic messages sent from the plurality of message senders to at least one message receiver; extracting from each received message at least one message sender feature AF and at least one message content feature CF; recording the extracted at least one message sender features AF and at least one message content features CF in a database; determining, on the basis of the message content features CFs recorded in the database, whether a specific content feature that can be associated with a current message has already been recorded in the past; if the specific content feature has already been recorded in the past, determining, on the basis of the message sender features AFs recorded in the database, a number N of message senders that can be associated with the specific content feature; and classifying the current message as suspicious if the determined number N of message senders that can be associated with the specific content feature exceeds a predetermined threshold value N1. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A messaging server for detecting suspicious electronic messages, wherein the messaging server is in communication with a plurality of message senders and a plurality of message receivers, the messaging server being configured to receive electronic messages sent from the plurality of message senders to at least one message receiver, the server comprising:
-
an analysing unit configured to extract at least one message sender feature AF and at least one message content feature CF from each received message; a recording unit configured to record the extracted at least one message sender features AF and at least one message content features CF in a database; a determining unit configured to determine, on the basis of the message content features CFs recorded in the database, whether a specific content feature that can be associated with a current message has already been recorded in the past, and if the specific content feature has already been recorded in the past, to further determine, on the basis of the message sender features AF recorded in the database, a number N of message senders that can be associated with the specific content feature; and a classifying unit configured to classify the current message as suspicious if the determined number N of message senders that can be associated with the specific content feature exceeds a predetermined threshold value N1. - View Dependent Claims (17)
-
Specification