Email spoofing detection via infrastructure machine learning
First Claim
1. A computer implemented method comprising a hardware processor for detecting a spoofed information packet, the method comprising the steps of:
- building a database from data values from predetermined designated fields of metadata from a previously received information packet and a currently received information packet, further including the steps of;
locating the predetermined designated fields within the metadata of the previously received information packet;
extracting a value from each of the predetermined designated fields within the metadata of the previously received information packet;
updating the database with each value extracted from the metadata of the previously received information packet and storing each extracted value into at least one data structure of a group of data structures within the database;
locating the predetermined designated fields within the metadata of the currently received information packet;
extracting a value from each of the predetermined designated fields of metadata of the currently received information packet;
updating the database with each value extracted from the currently received information packet and storing each extracted value from each of the predetermined designated fields of the currently received information packet into at least one of a data structure of the group of data structures within the database, such that each value extracted from the predetermined designated fields of the currently received information packet will be stored within a data structure of the group of data structures, which comprises a designation of the predetermined designated field from which the value was extracted;
the step of building the database further includes the predetermined designated fields comprise a from domain value, a sender domain value, a return-path domain value, an Internet Protocol address value, or combinations thereof;
wherein the group of data structures, comprise;
a first data structure comprising a from domain predetermined designated field designation value corresponding to an Internet Protocol address predetermined designated field designation value;
a second data structure comprising a sender domain predetermined designated field designation value corresponding to the Internet Protocol address predetermined designated field designation value;
a third data structure comprising a return-path domain predetermined designated field designation value corresponding to the Internet Protocol address predetermined designated field designation value;
a fourth data structure comprising the from domain predetermined designated field designation value corresponding to the return-path domain predetermined designated field designation value;
a fifth data structure comprising the sender domain predetermined designated field designation value corresponding to the return-path domain predetermined designated field designation value and
- generating, by the hardware processor, a spoofed score for the currently received information packet.
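The five data structures in claim 1, sketched as an added Python example that is not code from the patent: each message's From, Sender and Return-Path domains and its IP address are extracted, scored against earlier pairings, then stored. The claim does not say how the spoofed score is computed or where the IP address comes from, so the scoring rule (share of pairings not seen before), the `client_ip` argument and all names here are assumptions.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# (key field, value field) for the five data structures named in the claim
PAIRS = [("from", "ip"), ("sender", "ip"), ("return_path", "ip"),
         ("from", "return_path"), ("sender", "return_path")]

def domain_of(header_value):
    """Lower-cased domain of an address header, or None if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def extract_fields(raw_message, client_ip):
    """Locate the designated header fields and extract one value from each."""
    msg = message_from_string(raw_message)
    return {"from": domain_of(msg["From"]), "sender": domain_of(msg["Sender"]),
            "return_path": domain_of(msg["Return-Path"]), "ip": client_ip}

class PairDatabase:
    def __init__(self):
        # one table per pair: key value -> set of values observed with it
        self.tables = {pair: defaultdict(set) for pair in PAIRS}

    def score(self, fields):
        """Assumed scoring (not from the claim): share of pairings never seen."""
        present = [(p, fields[p[0]], fields[p[1]]) for p in PAIRS
                   if fields[p[0]] and fields[p[1]]]
        if not present:
            return 1.0  # no pairing available to corroborate the message
        unseen = sum(v not in self.tables[p].get(k, ()) for p, k, v in present)
        return unseen / len(present)

    def update(self, fields):
        for pair in PAIRS:
            k, v = fields[pair[0]], fields[pair[1]]
            if k and v:
                self.tables[pair][k].add(v)

    def process(self, raw_message, client_ip):
        """Score the current message against earlier ones, then store it."""
        fields = extract_fields(raw_message, client_ip)
        result = self.score(fields)
        self.update(fields)
        return result

# Constructed sample message; IPs used with it are documentation addresses
MSG = "From: Alice <alice@example.com>\nReturn-Path: <bounce@mail.example.com>\n\nhi\n"
```

Under this assumed rule the first message from any sender scores 1.0 because the tables are empty, so a deployment would need a learning period before the score is acted on.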
Abstract
A method for detecting a spoofed information packet includes the steps of building a database from a data value from predetermined designated fields of metadata from a previously received and a currently received information packet, which includes locating the predetermined designated fields within the previously received information packet metadata; extracting a value from each of the predetermined designated fields; and updating the database with each value and storing each value into at least one data structure of a group of data structures within the database. The method also includes locating predetermined designated fields within metadata of the currently received information packet within data structures, extracting the values from the fields, updating the database with the extracted values, and generating a spoofed score for the currently received information packet.
19 Claims