US2021250320A1PendingUtilityA1

Method and system for analyzing electronic communications and customer information to recognize and mitigate message-based attacks

55
Assignee: CDW LLCPriority: Mar 1, 2019Filed: Apr 26, 2021Published: Aug 12, 2021
Est. expiryMar 1, 2039(~12.6 yrs left)· nominal 20-yr term from priority
H04L 51/23G06Q 10/107H04L 47/50H04L 51/30
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A computing system includes a transceiver; a processor; and a memory storing instructions that, when executed by the one or more processors, cause the computing system to receive a first message; determine a personal message feature; train a machine learning model to classify a message intent by analyzing the first message and the personal message feature; receive a second electronic message; and determine an indication of fraud. A method includes receiving an electronic message; and determining an indication of fraud by analyzing the message using a machine learning model trained using personal message features to determine an intent; and analyzing an isolated domain name. A method includes receiving a message; determining a personal message feature corresponding to the message; and training a machine learning model to classify a message intent by analyzing the message and the personal message feature.

Claims

exact text as granted — not AI-modified
What is claimed: 
     
         1 . A computing system for detecting and mitigating message-based attacks includes: a transceiver; one or more processors; and one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
 receive, via a computer network, a first electronic message;   determine a personal message feature corresponding to the first electronic message;   train a machine learning model to classify a message intent by analyzing the first electronic message and the personal message feature;   receive, via a computer network, a second electronic message; and   determine an indication of fraud by analyzing the second electronic message using the machine learning model trained using personal message features to determine an intent of the second electronic message analyzing a domain name isolated from the second electronic message to determine a domain name trust output.   
     
     
         2 . The computing system of  claim 1 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
 cause one or more mitigation actions to occur by analyzing the second message using a set of one or more mitigation rules.   
     
     
         3 . The computing system of  claim 2 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
 generate, based on executing the set of rules, a notification.   
     
     
         4 . The computing system of  claim 2 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
 inject, based on executing the set of rules, information into the second message.   
     
     
         5 . The computing system of  claim 2 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
 store, based on executing the set of rules, identifying information in the second message in a blacklist database.   
     
     
         6 . The computing system of  claim 1 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
 train the machine learning model to perform a logistic regression.   
     
     
         7 . The computing system of  claim 1 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
 normalize the first electronic message using a text normalization procedure.   
     
     
         8 . A computer-implemented method of detecting message-based attacks, comprising:
 receiving, via a computer network, an electronic message; and   determining an indication of fraud by:
 (a) analyzing the message using a machine learning model trained using personal message features to determine an intent of the electronic message; and 
 (b) analyzing a domain name isolated from the message to determine a domain name trust output. 
   
     
     
         9 . The method of  claim 8 , wherein analyzing the domain name isolated from the message to determine the domain name trust output includes querying one or both of (a) a public WHOIS server, and (b) a private WHOIS server. 
     
     
         10 . The method of  claim 8 , wherein analyzing the domain name isolated from the message to determine the domain name trust output includes determining whether the domain name isolated from the message is a known value. 
     
     
         11 . The method of  claim 8 , wherein analyzing the domain name isolated from the message to generate the domain name trust output includes determining a weighted score corresponding to a net domain name trust output. 
     
     
         12 . The method of  claim 8 , further comprising:
 causing one or more mitigation actions to occur by analyzing the second message using a set of one or more mitigation rules.   
     
     
         13 . The method of  claim 12 , further comprising:
 generate, based on executing the set of rules, a notification.   
     
     
         14 . The method of  claim 12 , further comprising:
 inject, based on executing the set of rules, information into the second message.   
     
     
         15 . The method of  claim 12 , further comprising:
 store, based on executing the set of rules, identifying information in the second message in a blacklist database.   
     
     
         16 . A computer-implemented method of training a machine learning model for detecting and mitigating message-based attacks, comprising:
 receiving, via a computer network, an electronic message;   determining a personal message feature corresponding to the electronic message; and   training a machine learning model to classify a message intent by analyzing the electronic message and the personal message feature.   
     
     
         17 . The method of  claim 16 , wherein the electronic message is an email. 
     
     
         18 . The method of  claim 16 , wherein training the machine learning model to classify the message intent by analyzing the electronic message the personal message feature includes training the machine learning model to perform a logistic regression. 
     
     
         19 . The method of  claim 16 , wherein training the machine learning model to classify the message intent by analyzing the electronic message the personal message feature includes normalizing the electronic message using a text normalization procedure. 
     
     
         20 . The method of  claim 16 , wherein training the machine learning model to classify the message intent by analyzing the electronic message the personal message feature includes performing a grid search to determine one of a plurality of models that best fits the electronic message and the personal message feature.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.