MULTISTAGE ANALYSIS OF EMAILS TO IDENTIFY SECURITY THREATS

Bibliographic Details
Main Authors: Jeyakumar, Sanjay; Chechik, Dmitry; Lee, Yu Zhou; Liao, Sanny Xiao Lang; Kao, Jeremy; Yeh, Cheng-Lin; Reiser, Evan; Bratman, Jeshua Alexis; Bagri, Abhijit; Gasperi, Carlos Daniel; Lau, Kevin; Tan, Su Li Debbie; Jiang, Kai Jing
Format: Patent
Language: eng
Description
Summary: Access to emails delivered to an employee of an enterprise is received. An incoming email addressed to the employee is acquired. A primary attribute is extracted from the incoming email by parsing at least one of: (1) content of the incoming email or (2) metadata associated with the incoming email. It is determined whether the incoming email deviates from past email activity, at least in part by determining, as a secondary attribute, a mismatch between a previous value for the primary attribute and a current value for the primary attribute, using a communication profile associated with the employee, and providing a measured deviation to at least one machine learning model.