Systems and methods for efficient combining of characteristic detection rules

US11902302B2 · US · B2

Patent metadata
Publication number: US-11902302-B2
Application number: US-202117461471-A
Country: US
Kind code: B2
Filing date: Aug 30, 2021
Priority date: Dec 15, 2018
Publication date: Feb 13, 2024
Grant date: Feb 13, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods are described which are useful for efficiently combining characteristic detection rules, such as may be done to efficiently and quickly assist in the dispositioning of user-reported security threats.

Claims

Claim text for this publication (claims 1 to 18). Claim 1 is the first independent (method) claim and defines the scope of protection; claim 10 is the parallel system claim, and claims 2 to 9 and 11 to 18 are its dependents.

We claim:

1. A method comprising: identifying, by the device, one or more indexes of one or more characteristic detection rules within a combination rule that have one of a binary or textual pattern that match at least a portion of an electronic communication received by the device, each of the one or more indexes identifying a position of a respective characteristic detection rule within the combination rule, each of the one or more characteristic detection rules having a revision identifier; determining, by the device, that the combination rule matches the electronic communication based at least on applying at least one or more logical operators of the combination rule to at least the one or more characteristic detection rules identified by the one or more indexes; identifying, by the device using the revision identifier, historical versions of each of the one or more characteristic detection rules; and identifying, by the device using the revision identifier, whether a previous version of each of the one or more characteristic detection rules matched a previous electronic communication.

2. The method of claim 1, further comprising determining, by the device, that the previous version of one of the one or more characteristic detection rules did match the previous electronic communication.

3. The method of claim 1, further comprising determining, by the device, that the previous version of one of the one or more characteristic detection rules did not match the previous electronic communication.

4. The method of claim 3, further comprising identifying, by the device, that a malicious electronic communication may have been received by the device undetected.

5. The method of claim 1, wherein a condition of each of the one or more characteristic detection rules comprises the revision identifier.

6. The method of claim 1, wherein the revision identifier is represented by a string.

7. The method of claim 1, further comprising tracking, by the device, versions of each of the one or more characteristic detection rules over time using the revision identifier.

8. The method of claim 1, wherein a description of each of one or more characteristic detection rules is based at least on one of the binary or textual pattern.

9. The method of claim 1, further comprising determining, by the device, a classification score for the electronic communication based at least on which one of the one or more characteristic detection rules matched the electronic communication.

10. A system comprising: one or more processors, coupled to a memory device and configured to: identify one or more indexes of one or more characteristic detection rules within a combination rule that have one of a binary or textual pattern that match at least a portion of an electronic communication received by the device, each of the one or more indexes identifying a position of a respective characteristic detection rule within the combination rule, each of the one or more characteristic detection rules having a revision identifier; determine that the combination rule matches the electronic communication based at least on applying at least one or more logical operators of the combination rule to at least the one or more characteristic detection rules identified by the one or more indexes; identify, using the revision identifier, historical versions of each of the one or more characteristic detection rules; and identify, using the revision identifier, whether a previous version of each of the one or more characteristic detection rules matched a previous electronic communication.

11. The system of claim 10, wherein the one or more processors are further configured to determine that the previous version of one of the one or more characteristic detection rules did match the previous electronic communication.

12. The system of claim 10, wherein the one or more processors are further configured to determine that the previous version of one of the one or more characteristic detection rules did not match the previous electronic communication.

13. The system of claim 12, wherein the one or more processors are further configured to identify that a malicious electronic communication may have been received by the device undetected.

14. The system of claim 10, wherein a condition of each of the one or more characteristic detection rules comprises the revision identifier.

15. The system of claim 10, wherein the revision identifier is represented by a string.

16. The system of claim 10, wherein the one or more processors are further configured to track versions of each of the one or more characteristic detection rules over time using the revision identifier.

17. The system of claim 10, wherein a description of each of one or more characteristic detection rules is based at least on one of the binary or textual pattern.

18. The system of claim 10, wherein the one or more processors are further configured to determine a classification score for the electronic communication based at least on which one of the one or more characteristic detection rules matched the electronic communication.
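The mechanism recited in claims 1, 3, 4, 7 and 9 can be seen end to end in a small model: characteristic rules carry a binary or textual pattern and a revision string, a combination rule refers to them by index and joins them with logical operators, and when the combination rule fires, the revision history of each matched rule is replayed over earlier mail to find messages an older revision would have let through. The code below is an added illustration written for this page, not KnowBe4's implementation or anything disclosed in the patent beyond the claim language. The rule names, regex patterns, per-rule weights (summed into the classification score), revision strings, and all messages are constructed; treating "caught by the current rule set but not by the prior revision" as the claim 4 signal for possibly undetected malicious mail is this example's interpretation.

```python
"""Combination rules over versioned characteristic detection rules.

Added worked example, not KnowBe4's code.  Rule names, patterns, weights,
revision strings and every message below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Tokens a combination-rule expression may contain besides rule indexes.
_OPERATORS = {"and", "or", "not", "(", ")"}


@dataclass(frozen=True)
class CharacteristicRule:
    """One characteristic detection rule: a binary or textual pattern (a bytes
    regex, so it runs over a raw message body) plus a revision identifier
    string (claims 6 and 15).  `weight` is an assumed scoring input."""
    name: str
    pattern: bytes
    revision: str
    weight: int = 1

    def matches(self, message: bytes) -> bool:
        return re.search(self.pattern, message, re.IGNORECASE) is not None


@dataclass
class CombinationRule:
    """Rules joined by logical operators (claim 1).  Each rule occupies a
    position (index) in `rules`; `expr` names rules by that index, e.g.
    "0 and (1 or 2)"."""
    name: str
    rules: list
    expr: str

    def matching_indexes(self, message: bytes) -> list:
        return [i for i, r in enumerate(self.rules) if r.matches(message)]

    def evaluate(self, message: bytes) -> bool:
        hits = set(self.matching_indexes(message))
        tokens = re.findall(r"\d+|and|or|not|[()]|\S", self.expr)
        for t in tokens:
            if not (t.isdigit() or t in _OPERATORS):
                raise ValueError(f"illegal token in combination rule: {t!r}")
        # Each index becomes True/False; only boolean tokens reach eval and
        # builtins are disabled, so a rule file cannot run arbitrary code.
        expr = " ".join(str(int(t) in hits) if t.isdigit() else t for t in tokens)
        return bool(eval(expr, {"__builtins__": {}}, {}))

    def with_rule_at(self, index: int, rule: CharacteristicRule) -> "CombinationRule":
        rules = list(self.rules)
        rules[index] = rule
        return CombinationRule(self.name, rules, self.expr)


@dataclass
class RuleHistory:
    """Revision history per rule name (claim 7), oldest first."""
    versions: dict = field(default_factory=dict)

    def publish(self, rule: CharacteristicRule) -> None:
        self.versions.setdefault(rule.name, []).append(rule)

    def previous_versions(self, rule: CharacteristicRule) -> list:
        return [v for v in self.versions.get(rule.name, []) if v.revision != rule.revision]


def disposition(combo, message, history, past_messages):
    """Evaluate `combo` on `message`, score it from the rules that matched
    (claim 9), and for every matched rule replay its previous revisions over
    `past_messages`: mail the current rule set catches but an earlier revision
    did not may have been received undetected (claims 3 and 4)."""
    idx = combo.matching_indexes(message)
    matched = combo.evaluate(message)
    score = sum(combo.rules[i].weight for i in idx) if matched else 0
    missed = []
    if matched:
        for i in idx:
            current = combo.rules[i]
            for prior in history.previous_versions(current):
                older = combo.with_rule_at(i, prior)
                for past_id, past in past_messages:
                    if combo.evaluate(past) and not older.evaluate(past):
                        missed.append((past_id, current.name, prior.revision))
    return matched, score, missed


# Constructed rules: revision v1 of the brand rule only knew the literal spelling.
BRAND_V1 = CharacteristicRule("spoofed_brand", rb"paypal", "v1", weight=3)
BRAND_V2 = CharacteristicRule("spoofed_brand", rb"paypa[l1]", "v2", weight=3)
LURE = CharacteristicRule("credential_lure", rb"verify your account", "v1", weight=2)
URGENCY = CharacteristicRule("urgency", rb"within \d+ hours", "v1", weight=1)

HISTORY = RuleHistory()
for _r in (BRAND_V1, BRAND_V2, LURE, URGENCY):
    HISTORY.publish(_r)

PHISH_COMBO = CombinationRule("brand_phish", [BRAND_V2, LURE, URGENCY], "0 and (1 or 2)")

# Constructed messages: NEW is the user-reported mail being dispositioned now;
# PAST were dispositioned earlier, while spoofed_brand was still at v1.
NEW = b"Your PayPa1 account is limited. Please verify your account today."
PAST = [
    ("msg-001", b"PayPa1 security: verify your account within 24 hours"),
    ("msg-002", b"PayPal receipt for your recent purchase"),
    ("msg-003", b"Reminder: verify your account within 48 hours"),
]
```

Running `disposition(PHISH_COMBO, NEW, HISTORY, PAST)` reports that the combination rule matches the new mail with a score of 5 (brand plus lure), and that msg-001 is the one earlier message the v2 brand pattern catches but v1 did not; that is the candidate for a retroactive look. The replay deliberately evaluates the whole combination rule with the older revision swapped in at its index rather than the single rule in isolation, because a message is only "missed" if the combination that gates the disposition would have stayed silent.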

Assignees

KnowBe4, Inc.

Inventors

Classifications

  • Event detection, e.g. attack signature detection (H04L63/1416, primary) · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

  • involving long-term monitoring or reporting · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11902302B2 cover?
Systems and methods are described which are useful for efficiently combining characteristic detection rules, such as may be done to efficiently and quickly assist in the dispositioning of user-reported security threats.
Who is the assignee on this patent?
Knowbe4 Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology area: Section H (Electricity).
When was this patent published?
Publication date Feb 13, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).