Time zero classification of messages
First Claim
Patent Images
1. A method of re-classifying messages, the method comprising:
- classifying one or more previously received messages, wherein the classification is based on intrinsic characteristics and traffic information associated with the one or more previously received message;
receiving a new message, wherein the new message has not yet been classified;
executing instructions stored in memory, wherein execution of the instructions by a processor;
analyzes intrinsic characteristics of the new message, wherein the intrinsic characteristic analysis yields a first probability that the received message is infectious, and wherein the intrinsic characteristics identifies that the new message is similar to one or more of the previously received messages that have been classified as being legitimate,analyzes traffic information associated with the new message, wherein the traffic information analysis yields a second probability that the new message is infectious,identifies the one or more previously received messages that were previously classified and identified as similar to the new message, andreclassifies the one or more previously received messages as being infectious.
27 Assignments
0 Petitions
Accused Products
Abstract
Detecting infectious messages comprises performing an individual characteristic analysis of a message to determine whether the message is suspicious, determining whether a similar message has been noted previously in the event that the message is determined to be suspicious, classifying the message according to its individual characteristics and its similarity to the noted message in the event that a similar message has been noted previously.
-
Citations
18 Claims
-
1. A method of re-classifying messages, the method comprising:
-
classifying one or more previously received messages, wherein the classification is based on intrinsic characteristics and traffic information associated with the one or more previously received message; receiving a new message, wherein the new message has not yet been classified; executing instructions stored in memory, wherein execution of the instructions by a processor; analyzes intrinsic characteristics of the new message, wherein the intrinsic characteristic analysis yields a first probability that the received message is infectious, and wherein the intrinsic characteristics identifies that the new message is similar to one or more of the previously received messages that have been classified as being legitimate, analyzes traffic information associated with the new message, wherein the traffic information analysis yields a second probability that the new message is infectious, identifies the one or more previously received messages that were previously classified and identified as similar to the new message, and reclassifies the one or more previously received messages as being infectious. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system of reclassifying messages, the system comprising:
-
a message forwarding device that receives new messages, wherein the new messages have not yet been classified; and a detection mechanism that includes instructions stored in memory to be executed by a processor, wherein the instructions are executed by the processor to; classify one or more previously received messages, wherein the classification is based on intrinsic characteristics and traffic information associated with the one or more previously received message, analyze intrinsic characteristics of the new message, wherein the intrinsic characteristic analysis yields a first probability that the received message is infectious, and wherein the intrinsic characteristics identifies that the new message is similar to one or more of the previously received messages that have been classified as being legitimate, analyze traffic information associated with the new message, wherein the traffic information analysis yields a second probability that the new message is infectious, identify the one or more previously received messages that were previously classified and identified as similar to the new message, and reclassify the one or more previously received messages as being infectious. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method of re-classifying messages, the method comprising:
-
classifying one or more previously received messages, wherein the classification is based on intrinsic characteristics and traffic information associated with the one or more previously received message; receiving a new message, wherein the new message has not yet been classified; analyzing intrinsic characteristics of the new message, wherein the intrinsic characteristic analysis yields a first probability that the received message is infectious, and wherein the intrinsic characteristics identifies that the new message is similar to one or more of the previously received messages that have been classified as being legitimate; analyzing traffic information associated with the new message, wherein the traffic information analysis yields a second probability that the new message is infectious; identifying the one or more previously received messages that were previously classified and identified as similar to the new message; and reclassifying the one or more previously received messages as being infectious. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification