Method and system for analyzing electronic communications and customer information to recognize and mitigate message-based attacks
Abstract
A computing system includes a transceiver; a processor; and a memory storing instructions that, when executed by the one or more processors, cause the computing system to receive a first message; determine a personal message feature; train a machine learning model to classify a message intent by analyzing the first message and the personal message feature; receive a second electronic message; and determine an indication of fraud. A method includes receiving an electronic message; and determining an indication of fraud by analyzing the message using a machine learning model trained using personal message features to determine an intent; and analyzing an isolated domain name. A method includes receiving a message; determining a personal message feature corresponding to the message; and training a machine learning model to classify a message intent by analyzing the message and the personal message feature.
Claims
exact text as granted — not AI-modifiedWhat is claimed:
1 . A computing system for detecting and mitigating message-based attacks includes: a transceiver; one or more processors; and one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
receive, via a computer network, a first electronic message; determine a personal message feature corresponding to the first electronic message; train a machine learning model to classify a message intent by analyzing the first electronic message and the personal message feature; receive, via a computer network, a second electronic message; and determine an indication of fraud by analyzing the second electronic message using the machine learning model trained using personal message features to determine an intent of the second electronic message analyzing a domain name isolated from the second electronic message to determine a domain name trust output.
2 . The computing system of claim 1 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
cause one or more mitigation actions to occur by analyzing the second message using a set of one or more mitigation rules.
3 . The computing system of claim 2 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
generate, based on executing the set of rules, a notification.
4 . The computing system of claim 2 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
inject, based on executing the set of rules, information into the second message.
5 . The computing system of claim 2 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
store, based on executing the set of rules, identifying information in the second message in a blacklist database.
6 . The computing system of claim 1 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
train the machine learning model to perform a logistic regression.
7 . The computing system of claim 1 , the one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to:
normalize the first electronic message using a text normalization procedure.
8 . A computer-implemented method of detecting message-based attacks, comprising:
receiving, via a computer network, an electronic message; and determining an indication of fraud by:
(a) analyzing the message using a machine learning model trained using personal message features to determine an intent of the electronic message; and
(b) analyzing a domain name isolated from the message to determine a domain name trust output.
9 . The method of claim 8 , wherein analyzing the domain name isolated from the message to determine the domain name trust output includes querying one or both of (a) a public WHOIS server, and (b) a private WHOIS server.
10 . The method of claim 8 , wherein analyzing the domain name isolated from the message to determine the domain name trust output includes determining whether the domain name isolated from the message is a known value.
11 . The method of claim 8 , wherein analyzing the domain name isolated from the message to generate the domain name trust output includes determining a weighted score corresponding to a net domain name trust output.
12 . The method of claim 8 , further comprising:
causing one or more mitigation actions to occur by analyzing the second message using a set of one or more mitigation rules.
13 . The method of claim 12 , further comprising:
generate, based on executing the set of rules, a notification.
14 . The method of claim 12 , further comprising:
inject, based on executing the set of rules, information into the second message.
15 . The method of claim 12 , further comprising:
store, based on executing the set of rules, identifying information in the second message in a blacklist database.
16 . A computer-implemented method of training a machine learning model for detecting and mitigating message-based attacks, comprising:
receiving, via a computer network, an electronic message; determining a personal message feature corresponding to the electronic message; and training a machine learning model to classify a message intent by analyzing the electronic message and the personal message feature.
17 . The method of claim 16 , wherein the electronic message is an email.
18 . The method of claim 16 , wherein training the machine learning model to classify the message intent by analyzing the electronic message the personal message feature includes training the machine learning model to perform a logistic regression.
19 . The method of claim 16 , wherein training the machine learning model to classify the message intent by analyzing the electronic message the personal message feature includes normalizing the electronic message using a text normalization procedure.
20 . The method of claim 16 , wherein training the machine learning model to classify the message intent by analyzing the electronic message the personal message feature includes performing a grid search to determine one of a plurality of models that best fits the electronic message and the personal message feature.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.