Classifying a message based on likelihood of spoofing
First Claim
1. A method of classifying a message transmitted over a network, the method comprising:
- receiving the message transmitted over the network and addressed to a recipient; and
- executing instructions stored in a non-transitory computer readable storage medium to:
  - identify one or more domains from which the received message is purported to have traversed,
  - identify that the identified domains appear on a whitelist associated with the recipient,
  - identify whether at least one domain of the one or more domains has been spoofed based on whether a common classification appears across a plurality of IP addresses associated with the one or more domains, wherein:
    - the one or more domains are identified not to be spoofed when the one or more domains are in the whitelist and have the common classification appearing across the plurality of IP addresses, and
    - the at least one domain of the one or more domains is identified to be spoofed when the one or more domains are in the whitelist and have different classifications associated with the plurality of IP addresses, and
  - classify the received message based on the identification that the at least one domain of the one or more domains has been or has not been spoofed.
Abstract
A technique for determining a boundary IP address is disclosed. The technique includes processing a header to extract candidate IP addresses, locating a gateway IP address, and selecting the boundary IP address based on the location of the gateway IP address.
20 Claims
1. A method of classifying a message transmitted over a network, the method comprising:
- receiving the message transmitted over the network and addressed to a recipient; and
- executing instructions stored in a non-transitory computer readable storage medium to:
  - identify one or more domains from which the received message is purported to have traversed,
  - identify that the identified domains appear on a whitelist associated with the recipient,
  - identify whether at least one domain of the one or more domains has been spoofed based on whether a common classification appears across a plurality of IP addresses associated with the one or more domains, wherein:
    - the one or more domains are identified not to be spoofed when the one or more domains are in the whitelist and have the common classification appearing across the plurality of IP addresses, and
    - the at least one domain of the one or more domains is identified to be spoofed when the one or more domains are in the whitelist and have different classifications associated with the plurality of IP addresses, and
  - classify the received message based on the identification that the at least one domain of the one or more domains has been or has not been spoofed.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A system of classifying a message transmitted over a network, the system comprising:
- a communication interface that receives the message transmitted over the network and addressed to a recipient; and
- a processor that executes instructions stored in a non-transitory computer readable storage medium to:
  - identify one or more associated domains from which the received message is purported to have traversed,
  - identify that the identified domains appear on a whitelist associated with the recipient,
  - identify whether at least one domain of the one or more domains has been spoofed based on whether a common classification appears across a plurality of IP addresses associated with the one or more domains, wherein:
    - the one or more domains are identified as not to be spoofed when the one or more domains are in the whitelist and have the common classification appearing across the plurality of IP addresses, and
    - the at least one domain of the one or more domains is identified to be spoofed when the one or more domains are in the whitelist and have different classifications associated with the plurality of IP addresses, and
  - classify the received message based on the identification that the at least one domain of the one or more domains has been or has not been spoofed.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for classifying a message transmitted over a network, the method comprising:
- receiving the message transmitted over the network and addressed to a recipient;
- identifying one or more associated domains from which the received message is purported to have traversed;
- identifying that the one or more identified domains determined domain appears in a whitelist associated with the recipient;
- identifying whether at least one domain of the one or more domains have been spoofed based on whether a common classification appears across a plurality of IP addresses associated with the one or more domains, wherein:
  - the one or more domains are identified as not to be spoofed when the one or more domains are in whitelist and have the common classification appearing across the plurality of IP addresses, and
  - the at least one domain is of the one or more domains are identified to be spoofed when the received message is on the whitelist but have different classifications appearing across the plurality of IP addresses; and
- classifying the received message based on the identification that the one or more domains has been or has not been spoofed.

Dependent claims: 20

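One way to read the decision rule shared by claims 1, 10 and 19, as an added Python example that is not taken from the patent or from any product. The per-IP classification table, the domain-to-IP history, the label names, the `Received` header pattern and the naive two-label domain extraction are all assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed per-IP classifications (assumption: derived from prior mail history).
IP_CLASS = {"192.0.2.10": "good", "192.0.2.11": "good", "203.0.113.7": "junk"}
# Constructed history of IP addresses previously associated with each domain.
DOMAIN_IPS = {"example.com": {"192.0.2.10", "192.0.2.11"}}

# Matches "from host (rdns [a.b.c.d])" in a Received header (assumed layout).
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", re.I | re.S)

def purported_hops(raw):
    """Return the (domain, ip) pairs the Received headers claim."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            host = m.group(1).lower().rstrip(".")
            # Naive: last two labels stand in for the registrable domain.
            hops.append((".".join(host.split(".")[-2:]), m.group(2)))
    return hops

def classify(raw, whitelist):
    """Apply the whitelist + common-classification test to one message."""
    hops = purported_hops(raw)
    domains = {d for d, _ in hops}
    if not domains or not domains <= whitelist:
        return "unknown"  # the claims only cover whitelisted domains
    for domain in domains:
        ips = set(DOMAIN_IPS.get(domain, ())) | {ip for d, ip in hops if d == domain}
        # An IP with no record counts as its own class (assumption).
        classes = {IP_CLASS.get(ip, "unclassified") for ip in ips}
        if len(classes) > 1:   # different classifications -> spoofed
            return "spoofed"
    return "not_spoofed"       # one common classification across all IPs

def sample(ip):
    """Constructed message claiming to come from mail.example.com via `ip`."""
    return ("Received: from mail.example.com (mail.example.com [%s]) "
            "by mx.recipient.test; Mon, 1 Jan 2024 00:00:00 +0000\n"
            "From: alice@example.com\nSubject: hi\n\nbody\n" % ip)

if __name__ == "__main__":
    for ip in ("192.0.2.11", "203.0.113.7"):
        print(ip, classify(sample(ip), {"example.com"}))
```
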
Specification