System and method for analysis of electronic information dissemination events

US 8,370,948 B2
Filed: 03/19/2008
Issued: 02/05/2013
Est. Priority Date: 03/19/2008
Status: Active Grant

First Claim

Patent Images

1. A computerized system for determining an intent of a sender in transmitting electronic information in order to prevent unauthorized dissemination of the electronic information and to facilitate cost-effective handling of dissemination events, the system comprising:

computer hardware configured by instructions to determine whether a distribution list of the electronic information includes both a plurality of authorized addresses and one or more unauthorized addresses,and configured by instructions to determine whether the distribution list of the electronic information includes an unauthorized address whose edit distance from another authorized address is below a threshold,and configured by instructions to determine whether the sender replies to an original message using a reply to all feature to transmit the electronic information, and an original sender of the original message is authorized,and configured to execute an intention assessment unit to determine if the intent in sending the electronic information is malicious or a mistake, wherein the sender'"'"'s intent is determined to be a mistake if;

a distribution list of the electronic information includes both a plurality of authorized addresses and one or more unauthorized addresses, orthe distribution list of the electronic information includes an unauthorized address whose edit distance from another authorized address is below a threshold, orthe sender replies to an original message using a reply to all feature to transmit the electronic information, and an original sender of the original message is authorized.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for determining an intent of a sender in transmitting electronic information in order to prevent unauthorized dissemination of electronic information is disclosed. The system and method facilitate cost-effective handling of dissemination events and comprise a traffic analyzer configured to analyze descriptors of the electronic information and parameters of the transmission of the electronic information in order to determine the intent of the sender. By determining the intent of the sender, it is possible to effectively quarantine the electronic information before it is disseminated.

Citations

18 Claims

1. A computerized system for determining an intent of a sender in transmitting electronic information in order to prevent unauthorized dissemination of the electronic information and to facilitate cost-effective handling of dissemination events, the system comprising:
- computer hardware configured by instructions to determine whether a distribution list of the electronic information includes both a plurality of authorized addresses and one or more unauthorized addresses,and configured by instructions to determine whether the distribution list of the electronic information includes an unauthorized address whose edit distance from another authorized address is below a threshold,and configured by instructions to determine whether the sender replies to an original message using a reply to all feature to transmit the electronic information, and an original sender of the original message is authorized,and configured to execute an intention assessment unit to determine if the intent in sending the electronic information is malicious or a mistake, wherein the sender'"'"'s intent is determined to be a mistake if;
  
  a distribution list of the electronic information includes both a plurality of authorized addresses and one or more unauthorized addresses, orthe distribution list of the electronic information includes an unauthorized address whose edit distance from another authorized address is below a threshold, orthe sender replies to an original message using a reply to all feature to transmit the electronic information, and an original sender of the original message is authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the electronic information comprises descriptors, and wherein the descriptors comprise at least one of the content of the message, the sender of the message, and a recipient of the message.
  - 3. The system of claim 1, wherein the intention assessment unit is configured to determine whether the electronic information should be disseminated.
  - 4. The system of claim 1, wherein the intention assessment unit is configured to determine whether the decision about dissemination of the information should be made by the sender.
  - 5. The system of claim 4, wherein the intention assessment unit evaluates a confidence level based on previously defined confidential information and a severity based at least in part on the potential damage if the electronic information is disseminated.
  - 6. The system of claim 1, wherein the electronic information comprises descriptors and parameters and wherein the intention assessment unit compares the descriptors and parameters of the electronic information to predefined scenarios in order to determine whether the electronic information should be disseminated.
  - 7. The system of claim 6, wherein the predefined scenarios are generated from previous electronic information dissemination events.

8. A computer-implemented method for determining an intent of a sender in transmitting electronic information in order to prevent unauthorized dissemination of the electronic information, the method comprising:
- receiving the electronic information from a computer network;
  
  determining descriptors and parameters of the electronic information, wherein the descriptors and parameters include a message distribution list;
  
  determining a first condition, based on the descriptors and parameters, of whether the message distribution list includes both a plurality of authorized addresses and one or more unauthorized addresses;
  
  determining a second condition, based on the descriptors and parameters, of whether the distribution list of the electronic information includes an unauthorized address whose edit distance from another, authorized address is below a threshold, ordetermining a third condition, based on the descriptors and parameters, of whether the sender replies to an original message using a reply to all feature to transmit the electronic information, and an original sender of the original message is authorized; and
  
  determining the sender mistakenly transmitted the electronic information if at least one of the first condition, second condition, and third condition are true;
  
  sending a network message to the sender if the sender mistakenly transmitted the electronic information.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method of claim 8, further comprising determining whether the intent of the sender is malicious.
  - 10. The method of claim 8, further comprising:
    - determining a confidence level based on a level of similarity of the electronic information to previously defined confidential information;
      
      determining a severity based at least in part on the potential damage if the electronic information is disseminated; and
      
      determining the intent of the sender based, at least in part, on the severity and the confidence level.
  - 11. The method of claim 10, further comprising determining whether the electronic information should be quarantined based, at least in part, on the determined intent of the sender.
  - 12. The method of claim 11, further comprising determining whether the decision about releasing the electronic information from the quarantine should be made by the sender based, at least in part, on the determined intent of the sender.
  - 13. The method of claim 8, further comprising comparing the descriptors and parameters of the electronic information to predefined scenarios in order to determine the intent of the sender.
  - 14. The method of claim 13, wherein comparing the descriptors and parameters of the electronic information to predefined scenarios comprises finding a nearest neighbor between the descriptors and parameters and the predefined scenarios.
  - 15. The method of claim 8, further comprising applying heuristics based on the email addresses of the sender and one or more recipients in the distribution list to assess the intention of the sender.
  - 16. The method of claim 8, further comprising determining whether the electronic information should be disseminated based, at least in part, on the determined intent of the sender.
  - 17. The method of claim 8, further comprising using the determined intent of the sender in determining whether the decision about dissemination of the information should be made by the sender.
  - 18. The method of claim 11, further comprising informing the sender of the actions required to release the message from quarantine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Original Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Inventors
Troyansky, Lidror
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
WILLIAMS, JEFFERY L

Application Number

US12/051,709
Publication Number

US 20090241197A1
Time in Patent Office

1,784 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/234   for tracking messages

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/145   the attack involving the pr...

System and method for analysis of electronic information dissemination events

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for analysis of electronic information dissemination events

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links