System and method for dynamic spam detection
First Claim
1. Within a message processing entity a computer-implemented method for detecting spam, the computer-implemented method comprising:
- receiving, at a gateway, a Short Message Service (SMS) message, the SMS message comprising an originating address and a destination address;
processing the SMS message, including at least;
updating, in a cache, an entry for the originating address, including at least incrementing by one a first counter in the cache entry when the destination address is unique for the originating address within a first time window representative of a first period of time,evaluating a value of the first counter for the cache entry;
evaluating a value of a second counter that was operative within a second time window representative of a second period of time prior to the first period of time and incremented by one when, upon receipt of another SMS message, the destination address thereof was unique for the originating address, andwhen the value of the first counter and the value of the second counter exceed respective defined thresholds setting a spam indicator; and
responsive to the spam indicator being set, performing one or more remediation activities including at least updating a blacklist.
1 Assignment
0 Petitions
Accused Products
Abstract
A flexible, extensible, and dynamically configurable anti-spam facility that operates on a general quanta of data (such as for example a Short Message Service message, a Multimedia Message Service message, an Internet Protocol Multimedia Subsystem message, a Wireless Application Protocol stream, an Electronic Mail message, an Instant Messaging exchange, streaming (audio, video, etc.) data, etc.), innovatively analyzes various attributes of same (such as for example originating address and destination address), and—when an instance of spam is identified—performs one or more remediation activities (such as for example updating a blacklist, updating a greylist, dropping a message, issuing an alert, etc.). The facility may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.
72 Citations
10 Claims
-
1. Within a message processing entity a computer-implemented method for detecting spam, the computer-implemented method comprising:
-
receiving, at a gateway, a Short Message Service (SMS) message, the SMS message comprising an originating address and a destination address; processing the SMS message, including at least; updating, in a cache, an entry for the originating address, including at least incrementing by one a first counter in the cache entry when the destination address is unique for the originating address within a first time window representative of a first period of time, evaluating a value of the first counter for the cache entry; evaluating a value of a second counter that was operative within a second time window representative of a second period of time prior to the first period of time and incremented by one when, upon receipt of another SMS message, the destination address thereof was unique for the originating address, and when the value of the first counter and the value of the second counter exceed respective defined thresholds setting a spam indicator; and responsive to the spam indicator being set, performing one or more remediation activities including at least updating a blacklist. - View Dependent Claims (2, 3, 4)
-
-
5. Within a message processing entity a computer-implemented method for detecting spam, the computer-implemented method comprising:
-
receiving, at a gateway, a Short Message Service (SMS) message; processing the SMS message, including at least creating a message processing artifact, the message processing artifact comprising an originating address and a destination address; updating, in a cache, an entry for the originating address, including at least incrementing by one a first counter in the cache entry when the destination address is unique for the originating address within a first time window representative of a first period of time; and accessing a second counter in the cache that was operative within a second time window representative of a second period of time prior to the first period of time and incremented by one when, upon receipt of another SMS message, the destination address thereof was unique for the originating address, and when the value of the first counter and the value of the second counter exceed respective defined thresholds, performing one or more remediation activities including at least updating a blacklist. - View Dependent Claims (6, 7, 8, 9, 10)
-
Specification