Patent application number | Description | Published |
20130226908 | DETECTION AND PREVENTION OF UNWANTED CONTENT ON CLOUD-HOSTED SERVICES - The problem of abuse of privileges at cloud-hosted service sites is addressed by connecting a single individual or “actor” with multiple user accounts and/or other online identities, thereby creating a “consolidated profile.” In this way a confidence level can be established that a particular user account, IP address or other identifying attribute is associated with a particular actor. Different confidence levels may suffice depending on the remediary action to be taken; for example, holding a message for human review is obviously less draconian than rejecting the actor's registration at sign-up, and would therefore require a lower degree of confidence. | 08-29-2013 |
20130226938 | DETECTION AND PREVENTION OF UNWANTED CONTENT ON CLOUD-HOSTED SERVICES - The problem of abuse of privileges at cloud-hosted service sites is addressed by associating each user, preferably across multiple cloud-hosted service sites, with an individual “suspiciousness” score that may vary over time as additional user actions are detected and evaluated. Knowledge of the user is employed to better analyze the appropriateness or acceptability of user actions on the site. | 08-29-2013 |
20130227016 | DETECTION AND PREVENTION OF UNWANTED CONTENT ON CLOUD-HOSTED SERVICES - The problem of abuse of privileges at cloud-hosted service sites is addressed at the sign-up stage by identifying suspicious or abusive users and preventing them from signing up in the first place. This approach may utilize a relatively small initial data set based on the recognition that while abusers' profiles are mutable and difficult to characterize stably (abusers will deliberately shift their usage patterns to evade detection), a site's legitimate users tend to have similar and stable characteristics; that is, such characteristics are “cohesive” across cloud-hosted service (e.g., social media) sites and their users. The information gleaned from analysis of this small data set can be applied to a much larger, unsorted data set to obtain profiling criteria based on a large population for statistical reliability. | 08-29-2013 |
Patent application number | Description | Published |
20090220166 | FILTER FOR BLOCKING IMAGE-BASED SPAM - A network device and method are directed towards detecting and blocking image spam within a message by employing a weighted min-hash to perform a near duplicate detection (NDD) of determined features within an image as compared to known spam images. The weighting for the min-hash is determined based on employing a machine learning algorithm, such as a perceptron, to identify an importance of each bit in a signature vector of the image. The signature vector is generated by extracting a shape of text in the image using a Discrete Cosine Transform, extracting low-frequency characteristics using a high-pass filter, and then performing various morphological operations to emphasize the shape of the text and reduce noise. Selected feature bits are extracted from the lowest frequency and intensity bits of the resulting signal to generate the signature vector used in the weighted min-hash NDD. | 09-03-2009 |
20100076922 | DETECTING BULK FRAUDULENT REGISTRATION OF EMAIL ACCOUNTS - The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately. | 03-25-2010 |
20100077040 | DETECTION OF OUTBOUND SENDING OF SPAM - The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately. | 03-25-2010 |
20100077043 | DETECTING SPAM FROM A BULK REGISTERED E-MAIL ACCOUNT - The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately. | 03-25-2010 |
20100082749 | RETROSPECTIVE SPAM FILTERING - A mail system and mail delivery method wherein messages are tracked even after delivery and can be removed from a spam folder post delivery. In a disclosed embodiment mail features indicative of spam or normal email are analyzed and appended to the message header, which is later examined and used to move a reclassified message. False negative and false positive classification can be rectified. | 04-01-2010 |
20100082800 | CLASSIFICATION AND CLUSTER ANALYSIS SPAM DETECTION AND REDUCTION - Multiple features of email traffic are analyzed and extracted. Feature vectors comprising the multiple features are created and cluster analysis is utilized to track spam generation even from dynamically changing or aliased IP addresses. | 04-01-2010 |
20100145900 | SPAM FILTERING BASED ON STATISTICS AND TOKEN FREQUENCY MODELING - Embodiments are directed towards classifying messages as spam using a two-phased approach. The first phase employs a statistical classifier to classify messages based on message content. The second phase targets specific message types to capture dynamic characteristics of the messages and identify spam messages using a token-frequency-based approach. A client component receives messages and sends them to the statistical classifier, which determines a probability that a message belongs to a particular type of class. The statistical classifier further provides other information about a message, including a token list and token thresholds. The message class, token list, and thresholds are provided to the second phase where a number of spam tokens in a given message for a given message class are determined. Based on the threshold, the client component then determines whether the message is spam or non-spam. | 06-10-2010 |
20110185024 | EMBEDDABLE METADATA IN ELECTRONIC MAIL MESSAGES - Disclosed are apparatus and methods for annotating an electronic mail message and processing the annotated electronic mail message. More particularly, an electronic mail message may be generated and annotated such that the electronic mail message includes metadata identifying data provided in the electronic mail message. The electronic mail message may then be transmitted. When the annotated electronic mail message is received, at least a portion of the metadata may be obtained from the electronic mail message. At least a portion of the data in the electronic mail message may be identified using at least a portion of the metadata. At least a portion of the identified data in the electronic mail message may then be processed. | 07-28-2011 |
20120173533 | MINING GLOBAL EMAIL FOLDERS FOR IDENTIFYING AUTO-FOLDER TAGS - Embodiments are directed towards identifying auto-folder tags for messages by using a combinational optimization approach of bi-clustering folder names and features of messages based on relationship strengths. The combinational optimization approach of bi-clustering, generally, groups a plurality of folder names and a plurality of features into one or more metafolders to optimize a cost. The cost is based on an aggregate of cut relationship strengths, where a cut results when a relationship folder name and feature are grouped in separate metafolders. Furthermore, the plurality of folder names and the plurality of features are obtained by monitoring actions of a plurality of users, where the folder names are user generated folder names and features are from a plurality of messages. The metafolders may be used to tag new user messages with an auto-folder tag. | 07-05-2012 |
Patent application number | Description | Published |
20090187987 | Learning framework for online applications - Learning to detect, and detecting, spam messages using a multi-stage combination of probability calculations based on individual and aggregate training sets of previously identified messages. During a preliminary phase, classifiers are trained, and lower and upper limit probabilities and a combined probability threshold are iteratively determined using a multi-stage combination of probability calculations based on minor and major subsets of messages previously categorized as valid or spam. During a live phase, a first stage classifier uses only a particular subset, and a second stage classifier uses a master set of previously categorized messages. If a newly received message cannot be categorized with certainty by the first stage classifier, and a computed first stage probability is within the previously determined lower and upper limits, first and second stage probabilities are combined. If the combined probability is greater than the previously determined combined probability threshold, the received message is marked as spam. | 07-23-2009 |
20090216841 | IDENTIFYING IP ADDRESSES FOR SPAMMERS - Detecting and blocking spam messages using statistical analysis on distributions of message sizes for a given IP address. Mail volumes are examined to model a distribution of volumes to cluster IP addresses. The message sizes may be distributed across ranges of message sizes, which is then used to determine an entropy of message sizes for the given IP address. The entropy of the given IP address may be compared to entropies of known good IP addresses, and if a difference between the entropies is statistically significant, then the given IP address may be determined to be an IP spammer. User feedback may also be employed to further characterize an IP address. For example, a number of messages from the IP address may be sent to intended recipients. User feedback may then be monitored to determine whether the IP address should be reclassified. | 08-27-2009 |