Time zero classification of messages
Abstract
Detecting infectious messages comprises performing an individual characteristic analysis of a message to determine whether the message is suspicious, determining whether a similar message has been noted previously in the event that the message is determined to be suspicious, classifying the message according to its individual characteristics and its similarity to the noted message in the event that a similar message has been noted previously.
19 Claims
1. A method of classifying messages, the method comprising:
performing an individual characteristic analysis of a message, wherein the individual characteristic analysis includes comparing the individual characteristics of the message to individual characteristics of a previously received message, wherein the individual characteristic analysis yields a first probability of infection;
performing a traffic analysis of the message for identifying a spike in a number of previously received messages similar to the message, the previously received messages having been classified as suspicious, wherein the traffic analysis yields a second probability of infection;
determining an overall probability of infection based on the first probability and the second probability;
classifying the message as legitimate when the overall probability meets a threshold associated with legitimate messages, wherein the message is classified as suspicious or infectious when the overall probability fails to meet the threshold; and
processing the message in accordance with the classification, wherein the message is delivered when classified as legitimate or suspicious, and wherein the message is removed from a message queue when classified as infectious.
10. A system of classifying messages, the system comprising:
a processor that executes;
a testing module stored in memory, wherein the testing module is executable to;
perform an individual characteristic analysis of a message, wherein the individual characteristic analysis includes comparing the individual characteristics of the message to individual characteristics of a previously received message, wherein the individual characteristic analysis yields a first probability of infection, and
perform a traffic analysis of the message for identifying a spike in a number of previously received messages similar to the message, the previously received messages having been classified as suspicious, wherein the traffic analysis yields a second probability of infection;
instructions stored in memory, wherein the instructions are executable to determine an overall probability of infection based on the first probability and the second probability;
a message classifier stored in memory, wherein the message classifier is executable to classify the message as legitimate when the overall probability meets a threshold associated with legitimate messages, wherein the message is classified as suspicious or infectious when the overall probability fails to meet the threshold; and
a message forwarding device that processes the message in accordance with the classification, wherein the message is delivered when classified as legitimate or suspicious, and wherein the message is removed from a message queue when classified as infectious.
19. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method of classifying messages, the method comprising:
performing an individual characteristic analysis of a message, wherein the individual characteristic analysis includes comparing the individual characteristics of the message to individual characteristics of a previously received message, wherein the individual characteristic analysis yields a first probability of infection;
performing a traffic analysis of the message for identifying a spike in a number of previously received messages similar to the message, the previously received messages having been classified as suspicious, wherein the traffic analysis yields a second probability of infection;
determining an overall probability of infection based on the first probability and the second probability;
classifying the message as legitimate when the overall probability meets a threshold associated with legitimate messages, wherein the message is classified as suspicious when the overall probability fails to meet the threshold; and
processing the message in accordance with the classification, wherein the message is delivered when classified as legitimate or suspicious, and wherein the message is removed from a message queue when classified as infectious.
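The flow recited in the independent claims, as an added example that is not code from the patent or its assignee: two analyses each yield a probability, the two are combined, and the result decides delivery or removal from the queue. The feature set, weights, thresholds, time window and the noisy-OR combination are assumptions, since the claims give no formula or numbers, and "meets the threshold" is read here as "at or below it".

```python
# Added illustration; feature set, weights, thresholds and the noisy-OR
# combination are assumptions, not values taken from the claims.
RISKY_EXT = {"exe", "scr", "pif", "vbs"}
LEGIT_MAX = 0.20       # overall probability at or below this counts as legitimate
INFECTIOUS_MIN = 0.85  # assumed second cut separating suspicious from infectious
WINDOW_S = 600         # look-back window for the traffic analysis, in seconds
SPIKE_COUNT = 5        # similar suspicious messages at which the spike score saturates

def features(msg):
    ext = msg["attachment"].rsplit(".", 1)[-1].lower()
    return (ext, msg["size"] // 1024, msg["subject"].lower())

def matches(a, b):
    return sum(x == y for x, y in zip(features(a), features(b)))

def individual_probability(msg, history):
    """First probability: attachment type plus closeness to an earlier flagged message."""
    base = 0.3 if features(msg)[0] in RISKY_EXT else 0.05
    closest = max((matches(msg, old) for _, old, label in history
                   if label != "legitimate"), default=0)
    return min(1.0, base + 0.2 * closest / 3)

def traffic_probability(msg, history, now):
    """Second probability: recent similar messages that were classified suspicious."""
    recent = sum(1 for t, old, label in history
                 if label == "suspicious" and now - t <= WINDOW_S and matches(msg, old) >= 2)
    return min(recent, SPIKE_COUNT) / SPIKE_COUNT

def classify(msg, history, now):
    p1 = individual_probability(msg, history)
    p2 = traffic_probability(msg, history, now)
    overall = 1 - (1 - p1) * (1 - p2)          # noisy-OR of the two probabilities
    if overall <= LEGIT_MAX:
        return "legitimate", overall
    return ("infectious" if overall >= INFECTIOUS_MIN else "suspicious"), overall

def process(queue):
    """Deliver legitimate and suspicious messages; drop infectious ones from the queue."""
    history, delivered = [], []
    for now, msg in sorted(queue, key=lambda item: item[0]):
        label, _ = classify(msg, history, now)
        history.append((now, msg, label))
        if label != "infectious":
            delivered.append(msg)
    return [label for _, _, label in history], delivered

# Constructed sample traffic: one ordinary message and a burst of look-alikes.
BURST = [(t, {"attachment": "invoice.exe", "size": 20480, "subject": "Your invoice"})
         for t in range(0, 70, 10)]
SAMPLE = BURST + [(5, {"attachment": "minutes.pdf", "size": 90000, "subject": "Minutes"})]
```

With the constructed burst, the first four look-alikes are delivered as suspicious and feed the traffic analysis; from the fifth onward the combined probability crosses the assumed infectious cut and the messages are dropped.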
Specification