Method and apparatus for grouping spam email messages
First Claim
Patent Images
1. A method comprising:
- receiving, at a computer system, a plurality of spam email messages;
for at least one received spam email message having a size less than a threshold;
the computer system finding a feature in the spam email message;
the computer system repeatedly adding the feature to the spam email message until its size reaches the threshold;
the computer system subsequently performing comparisons involving the spam email messages to identify similar spam email messages;
the computer system creating a first group of spam email messages and a second group of spam email messages, wherein messages in the first group are similar to one another and pertain to a first type of spam attack, and wherein messages in the second groups are similar to one another and pertain to a second type of spam attack distinct from the first type of spam attack;
the computer system creating a filter for one or more of the first and second groups; and
the computer system distributing the created filters to a plurality of client computer systems for detection of spam email messages.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for grouping spam email messages are described. In one embodiment, the method includes receiving probe email messages indicative of spam and modifying the probe email messages to reduce noise. The method further includes comparing the probe email messages using fuzzy logic to identify similar email messages, and creating groups of similar email messages. Each of the created groups pertains to a distinct spam attack.
-
Citations
18 Claims
-
1. A method comprising:
-
receiving, at a computer system, a plurality of spam email messages; for at least one received spam email message having a size less than a threshold; the computer system finding a feature in the spam email message; the computer system repeatedly adding the feature to the spam email message until its size reaches the threshold; the computer system subsequently performing comparisons involving the spam email messages to identify similar spam email messages; the computer system creating a first group of spam email messages and a second group of spam email messages, wherein messages in the first group are similar to one another and pertain to a first type of spam attack, and wherein messages in the second groups are similar to one another and pertain to a second type of spam attack distinct from the first type of spam attack; the computer system creating a filter for one or more of the first and second groups; and the computer system distributing the created filters to a plurality of client computer systems for detection of spam email messages. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method comprising:
-
a computer system determining that a size of a newly received spam message is below a threshold; the computer system finding a feature in the new spam message; the computer system adding on the feature to the new spam message until the size of the new spam message reaches the threshold; upon the new spam message reaching the threshold, the computer system grouping the new spam message into an existing spam message group or a new spam message group; the computer system creating a filter for the group into which the new spam message has been grouped; and the computer system distributing the created filter to one or more client computer systems for detection of spam email messages. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A system comprising:
-
a processor; a memory storing program instructions that are executable by the processor to; receive a plurality of spam email messages; for one or more of those received spam email message having a size below a predetermined threshold; find a feature in the spam email message; append the feature to the spam email messages until its size reaches the predetermined threshold; subsequently compare the spam email messages to identify similar spam email messages; create at least two groups of spam email messages, wherein the spam email messages in each of the at least two groups are similar to other spam email messages in that group, and wherein each of the groups pertains to a distinct spam attack; create a filter for one or more of the at least two groups; and distribute resulting filters to a plurality of client computer systems for detection of spam email messages. - View Dependent Claims (13, 14, 15, 16)
-
-
17. An apparatus comprising:
-
means for receiving a plurality of spam email messages; means for repeatedly adding content to each of those received spam email messages having sizes less than a threshold, wherein the content added to a given received spam email message includes a feature found in that message; means for subsequently creating a group of similar ones of the received spam email messages; means for creating a filter for the group of similar spam email messages; and means for distributing the filter to one or more client computer systems for detection of spam email messages.
-
-
18. A computer readable medium comprising executable instructions which when executed on a processing system cause said processing system to perform a method comprising:
-
receiving a plurality of spam email messages; for each of one or more of those spam email messages having a size less than a predetermined threshold, adding a feature found in the spam email message to the spam email message until its size reaches the threshold; subsequently placing spam email messages in the received plurality of spam email messages into one of a plurality of groups, wherein spam email messages in a given one of the plurality of groups are similar to one another; creating a filter for one or more of the plurality of groups; and distributing the created one or more filters to a plurality of client computer systems for detection of spam email messages.
-
Specification