Systems and user interfaces for dynamic and interactive investigation of bad actor behavior based on automatic clustering of related data in various data structures
US-9367872-B1 · Jun 14, 2016 · US
Phishing campaign ranker
US9749359B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9749359-B2 |
| Application number | US-201514805630-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 22, 2015 |
| Priority date | Jul 22, 2015 |
| Publication date | Aug 29, 2017 |
| Grant date | Aug 29, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
According to one embodiment, an apparatus includes a memory and a processor. The memory is configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will delete a phishing email. The processor is configured to determine that a plurality of phishing campaigns are occurring. For each phishing campaign of the plurality of phishing campaigns, the processor is configured to determine that a plurality of users deleted a phishing email of the phishing campaign and to determine a priority score for the phishing campaign based on the phishing score of each user of the plurality of users. The processor is further configured to rank the plurality of phishing campaigns based on the priority score of each phishing campaign, wherein the phishing campaign of the plurality of phishing campaigns with the highest rank is presented first.
First claim
Opening claim text (preview).
What is claimed is: 1. An apparatus comprising: a memory configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will delete a phishing email; and a processor communicatively coupled to the memory, the processor configured to: determine that a plurality of phishing campaigns are occurring; for each phishing campaign of the plurality of phishing campaigns: determine that a plurality of users deleted a phishing email of the phishing campaign; determine that a plurality of users fell victim to the phishing email of the phishing campaign; and determine a priority score for the phishing campaign based on the phishing score of each user of the plurality of users who deleted the phishing email, on the phishing score of each user of the plurality of users who fell victim to the phishing email, and on a number of phishing emails sent as part of the phishing campaign; and rank the plurality of phishing campaigns based on the priority score of each phishing campaign, wherein the phishing campaign of the plurality of phishing campaigns with the highest rank is presented first. 2. The apparatus of claim 1 , wherein the priority score for each phishing campaign is inversely proportional to the phishing score of a user of the plurality of users. 3. The apparatus of claim 1 , wherein the plurality of phishing scores are determined by analyzing a deletion rate of a plurality of users to a plurality of phishing emails. 4. The apparatus of claim 1 , wherein the phishing campaign of the plurality of phishing campaigns with the lowest ranking is ignored. 5. The apparatus of claim 1 , wherein for each phishing campaign, the determination of the priority score for the campaign is further based on a response rate to the phishing email of the phishing campaign. 6. A method comprising: storing, by a memory, a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will delete a phishing email; and determining, by a processor, that a plurality of phishing campaigns are occurring; for each phishing campaign of the plurality of phishing campaigns: determining, by the processor, that a plurality of users deleted a phishing email of the phishing campaign; determining that a plurality of users fell victim to the phishing email of the phishing campaign; and determining, by the processor, a priority score for the phishing campaign based on the phishing score of each user of the plurality of users who deleted the phishing email, on the phishing score of each user of the plurality of users who fell victim to the phishing email, and on a number of phishing emails sent as part of the phishing campaign; and ranking the plurality of phishing campaigns based on the priority score of each phishing campaign, wherein the phishing campaign of the plurality of phishing campaigns with the highest rank is presented first. 7. The method of claim 6 , wherein the priority score for each phishing campaign is inversely proportional to the phishing score of a user of the plurality of users. 8. The method of claim 6 , wherein the plurality of phishing scores are determined by analyzing a deletion rate of a plurality of users to a plurality of phishing emails. 9. The method of claim 6 , wherein the phishing campaign of the plurality of phishing campaigns with the lowest ranking is ignored. 10. The method of claim 6 , wherein for each phishing campaign, the determination of the priority score for the campaign is further based on a response rate to the phishing email of the phishing campaign. 11. A system comprising: a plurality of users; and a phishing management device comprising: a memory configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will delete a phishing email; and a processor communicatively coupled to the memory and configured to: determine that a plurality of phishing campaigns are occurring; for each phishing campaign of the plurality of phishing campaigns: determine that a plurality of users deleted a phishing email of the phishing campaign; determine that a plurality of users fell victim to the phishing email of the phishing campaign; and determine a priority score for the phishing campaign based on the phishing score of each user of the plurality of users who deleted the phishing email, on the phishing score of each user of the plurality of users who fell victim to the phishing email, and on a number of phishing emails sent as part of the phishing campaign; and rank the plurality of phishing campaigns based on the priority score of each phishing campaign, wherein the phishing campaign of the plurality of phishing campaigns with the highest rank is presented first. 12. The system of claim 11 , wherein the priority score for each phishing campaign is inversely proportional to the phishing score of a user of the plurality of users. 13. The system of claim 11 , wherein the plurality of phishing scores are determined by analyzing a deletion rate of a plurality of users to a plurality of phishing emails. 14. The system of claim 11 , wherein the phishing campaign of the plurality of phishing campaigns with the lowest ranking is ignored. 15. The system of claim 11 , wherein for each phishing campaign, the determination of the priority score for the campaign is further based on a response rate to the phishing email of the phishing campaign.
Assignees
Inventors
Classifications
the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title
Vulnerability analysis · CPC title
Event detection, e.g. attack signature detection · CPC title
- H04L63/1483Primary
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title
Traffic logging, e.g. anomaly detection · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9749359B2 cover?
- According to one embodiment, an apparatus includes a memory and a processor. The memory is configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will delete a phishing email. The processor is configured to determine that a plurality of phishing campaigns are occurring. For each phishing campaign of the plu…
- Who is the assignee on this patent?
- Bank Of America
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1483. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 29 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).