白丝美女被狂躁免费视频网站,500av导航大全精品,yw.193.cnc爆乳尤物未满,97se亚洲综合色区,аⅴ天堂中文在线网官网

Detecting and analyzing phishing attacks through artificial intelligence

專利號(hào)
US11997138B1
公開日期
2024-05-28
申請(qǐng)人
KING FAISAL UNIVERSITY(SA Al Hasa)
發(fā)明人
Ahmed Alyahya; Mohammed Alzahrani
IPC分類
H04L9/40
技術(shù)領(lǐng)域
phishing,email,persuasion,message,spam,emails,in,recipient,signs,or
地域: Al Hasa

摘要

Detection of phishing messages in network communications is performed by receiving a transmitted message and detecting characteristics of the message. A determination is made if the message matches a pattern of a phishing message in a database, and classifies the message as a phishing or spam message accordingly. If the message does not match a known phishing message pattern, the message is checked for common signs of phishing or spam by determining the severity of a threat embodied by the message, and the message is categorized as having phishing characteristics and according to the severity of threat. In response the user responses to determinations of threats, criteria for detection of phishing characteristics is adjusted, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing.

說明書

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
BACKGROUND Technical Field

The present disclosure relates to anti-spam software and specifically anti-phishing software implementing artificial intelligence.

Background Art

In the field of cybersecurity, “social engineering” is the art of psychologically “hacking” into human response (i.e., persuasion) to obtain sensitive information such passwords and credit cards details, etc. Social engineering relies on the fact that humans are often the weakest link in the information security chain. Regardless of the strength and types of protection available, the chain can be easily broken if a person makes a single wrong decision, leading to security problems where it has been mentioned that most of cybersecurity attacks are due to human error.

Malicious hackers (“computer crackers” and other malicious actors) use different methods of social engineering, however, a fast-growing and very common one is called “phishing”. In this technique, malicious actors usually use emails and other forms of communication and present themselves as trusted and authorized sources in order to persuade their targets to respond to their phishing emails. The malicious actor then attempts to steal sensitive information from their victims. Responding to phishing causes significant financial loses, and in some cases, companies can lose their reputation and individuals might lose their jobs.

權(quán)利要求

1
What is claimed is:1. A method for detecting phishing messages in network communications, the method comprising:receiving a transmitted message and detecting characteristics of the message;determining if the message matches a pattern of a phishing message in a database;in the case of the message matching a known phishing message, classifying the message as spam or a phishing message and moved to a phishing or spam folder;in the case of the message not matching a known phishing message pattern, checking the message for common signs of phishing or spam by determining the severity of a threat embodied by the message, and categorizing the message as having phishing characteristics;in the case of a determination of a low probability of phishing characteristics, not further process the message for phishing;in the case of a determination of a high or moderate probability of phishing characteristics, classifying the message as presenting signs of a phishing attempt;in the case of a determination indicating phishing with a high accuracy, classifying the message as presenting signs of a phishing attempt with a high accuracy, and sending a warning message of a high probability of phishing to the recipient; andin the case of a determination indicating phishing with a moderate or medium accuracy, classifying the message as presenting signs of a phishing attempt with a moderate or medium accuracy, and sending a warning message of a moderate probability of phishing.2. The method of claim 1, wherein message text processing addresses text patterns and words, and includes text manipulation by converting text to lowercase and stripped of special characters, numbers, and stop words that could obfuscate the message intended to be conveyed by the text,and wherein analysis of metadata comprises information in transport headers of the message.3. The method of claim 2, further comprising:receiving user responses to determinations of the high or moderate probability of phishing characteristics; andresponsive to the user responses to the determinations, adjusting criteria for detection of phishing characteristics, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing.4. The method of claim 2, further comprising:the detecting characteristics of the message comprising performing transformations on the message, and the determining if the message matches a pattern of of a phishing message comprising analyzing the message based on the transformations;receiving user responses to determinations of the probability of phishing characteristics; andresponsive to the user responses to the determinations, adjusting criteria for detection of phishing characteristics, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing.5. The method of claim 1, further comprising:receiving user responses to determinations of the high or moderate probability of phishing characteristics; andresponsive to the user responses to the determinations, adjusting criteria for detection of phishing characteristics, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing.6. The method of claim 1, further comprising:the detecting characteristics of the message comprising performing transformations on the message, and the determining if the message matches a pattern of of a phishing message comprising analyzing the message based on the transformations;receiving user responses to determinations of the probability of phishing characteristics; andresponsive to the user responses to the determinations, adjusting criteria for detection of phishing characteristics, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing.7. A non-transitory storage medium storing instructions that, when executed on a processor, performs a method for detecting phishing messages in network communications, the method comprising:a first step of receiving a transmitted message and detecting characteristics of the message;a second step of determining if the message matches a pattern of a phishing message in a database;a third step of, in the case of the message matching a known phishing message, classifying the message as a phishing or spam message and moved to a phishing or phishing or spam folder, and in the case of the message not matching a known phishing message pattern, checking the message for common signs of phishing or spam by determining the severity of a threat embodied by the message, and categorizing the message as having phishing characteristics, and in the case of a determination of a low probability of phishing characteristics not further process the message for phishing;a fourth step of, in the case of a determination of a high or moderate probability of phishing characteristics, classifying the message as presenting signs of a phishing attempt; anda fifth step of, in the case of a determination indicating phishing with a high accuracy, classifying the message as presenting signs of a phishing attempt with a high accuracy, and sending a warning message of a high probability of phishing to the recipient, and in the case of a determination indicating phishing with a moderate or medium accuracy, classifying the message as presenting signs of a phishing attempt with a moderate or medium accuracy, and sending a warning message of a moderate probability of phishing.8. The non-transitory storage medium of claim 7, wherein message text processing addresses text patterns and words, and includes text manipulation by converting text to lowercase and stripped of special characters, numbers, and stop words that could obfuscate the message intended to be conveyed by the text, andwherein analysis of metadata comprises information in transport headers of the message.9. The non-transitory storage medium of claim 8, further storing instructions for:receiving user responses to determinations of the high or moderate probability of phishing characteristics; andresponsive to the user responses to the determinations, adjusting criteria for detection of phishing characteristics, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing.10. The non-transitory storage medium of claim 8, further storing instructions for:receiving user responses to determinations of the probability of phishing characteristics; andresponsive to the user responses to the determinations, adjusting criteria for detection of phishing characteristics, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing;wherein the detecting characteristics of the message comprising performing transformations on the message, and wherein the determining if the message matches a pattern of a phishing message comprising analyzing the message based on the transformations.11. The non-transitory storage medium of claim 7, further storing instructions for:receiving user responses to determinations of the high or moderate probability of phishing characteristics; andresponsive to the user responses to the determinations, adjusting criteria for detection of phishing characteristics, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing.12. The non-transitory storage medium of claim 7, further storing instructions for:receiving user responses to determinations of the probability of phishing characteristics; andresponsive to the user responses to the determinations, adjusting criteria for detection of phishing characteristics, thereby automatically revising criteria for future decisions as to whether the message represents suspected phishing;wherein the detecting characteristics of the message comprising performing transformations on the message, and wherein the determining if the message matches a pattern of a phishing message comprising analyzing the message based on the transformations.
微信群二維碼
意見反饋