STOPPING AND REMEDIATING OUTBOUND MESSAGING ABUSE
First Claim
1. A method comprising:
- constructing a subscriber profile based on outbound message flow originated from a corresponding subscriber account associated with a service provider; and
identifying a behavior-based anomaly in the outbound message flow originated from the subscriber account, based on a comparison of the subscriber profile associated with the subscriber account to recent subscriber account usage information.
11 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are provided for allowing subscriber message sending profiles to be maintained and used in conjunction with behavior-based anomaly detection techniques and traditional content-based spam signature filtering to enable application of appropriate message disposition policies to outbound subscriber message traffic. According to one embodiment, subscriber profiles are constructed for multiple subscriber accounts associated with a service provider based on outbound message flow originated from the subscriber accounts. Then, possible subscriber account misuse may be discovered by performing behavior-based anomaly detection, including a comparison of a subscriber profile associated with the subscriber account with recent subscriber account usage information, to identify one or more behavioral anomalies in outbound message flow originated from a subscriber account, the behavior-based anomaly detection.
130 Citations
45 Claims
-
1. A method comprising:
-
constructing a subscriber profile based on outbound message flow originated from a corresponding subscriber account associated with a service provider; and identifying a behavior-based anomaly in the outbound message flow originated from the subscriber account, based on a comparison of the subscriber profile associated with the subscriber account to recent subscriber account usage information. - View Dependent Claims (2, 3, 4)
-
-
5. A method comprising:
-
identifying subscriber email account misuse with behavior-based anomaly detection including both stationary and nonstationary models; and redirecting suspect email traffic identified by the behavior-based anomaly detection based on application of a set of predefined message disposition policies.
-
-
6. A method comprising:
-
extracting behavior data from outbound messages originated from a subscriber account, wherein the behavior data includes attributes that are indicative of misuse of the subscriber account; building a profile for the subscriber account based on the behavior data; tracking said behavior data; and detecting a behavior-based anomaly for the outbound messages by comparing recent outbound messages originated from the subscriber account to the profile of the subscriber account to detect changes in the recent outbound messages in comparison to the profile of the subscriber account. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
14. A sender reputation gateway system, comprising:
-
a service and response system that services and responds to requests from at least one subscriber account; a behavior data extraction system that extracts behavior data of said at least one subscriber account from outbound messages originated from the subscriber account, the behavior data including attributes of the subscriber account that are indicative of misuse of the subscriber account; a profile builder system that builds a profile for the subscriber account based on the behavior data extracted from the outbound messages; a tracking system that tracks the behavior data; and an anomaly detection system that detects behavior-based anomalies for the outbound messages by comparing recent outbound messages originated from the subscriber account to the profile of the subscriber account to detect changes in the recent outbound messages in comparison to the profile of the subscriber account. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
-
22. Logic encoded in one or more tangible media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
-
extracting behavior data from outbound messages originated from a subscriber account, wherein the behavior data includes attributes that are indicative of misuse of the subscriber account; building a profile for the subscriber account based on the behavior data; tracking said behavior data; and detecting a behavior-based anomaly for the outbound messages by comparing recent outbound messages originated from the subscriber account to the profile of the subscriber account to detect changes in the recent outbound messages in comparison to the profile of the subscriber account. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
-
-
30. A method comprising:
-
extracting behavior data from outbound messages originated from a subscriber account; building a profile for the subscriber account based on the behavior data; and detecting a sending behavior anomaly in the outbound messages by comparing the outbound messages with the profile of the subscriber account. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
-
Specification