STATISTICAL MODELING OF EMAIL SENDERS TO DETECT BUSINESS EMAIL COMPROMISE

    Publication number: US20240356969A1

    Publication date: 2024-10-24

    Application number: US18220065

    Application date: 2023-07-10

    CPC classification number: H04L63/1483 G06Q10/107

    Abstract: Techniques for an email-security system to screen emails, extract information from the emails, analyze the extracted information, assign probability scores to the emails, and classify the email as suspicious or not. A method is disclosed that includes analyzing an email and extracting a first sender attribute and a second sender attribute from the email. Identifying one or more sender-specific models associated with a sending device, and applying one or more sender-specific models to determine a first probability value associated with the first sender attribute that conveys a likelihood that the first sender attribute is a misused sender attribute. Applying one or more sender-specific models to determine a second probability value associated with the second sender attribute is a second misused sender attribute, and determining, by using the first probability value and the second probability value, an overall probability value associated with a likelihood that the email is suspicious or not.

    DETECTING MALICIOUS EMAIL ATTACKS BASED ON ENTITY IMAGE ANALYSIS

    Publication number: US20240333762A1

    Publication date: 2024-10-03

    Application number: US18192453

    Application date: 2023-03-29

    CPC classification number: H04L63/1483 G06F40/30 G06V10/40 G06V2201/09

    Abstract: In some aspects, the techniques described herein relate to a method for detecting malicious emails, the method including: receiving an email, wherein the email is associated with a markup payload; determining, based on the markup payload, text data associated with the email; determining, using the text data and a first machine learning model, a first representation of the email representing text associated with the email; rendering the email to generate image data that represents a rendering of the email; determining, using the image data and a second machine learning model, a second representation of the email that represents at least the rendering of the email; and determining a prediction for the email based on the first representation and the second representation, wherein the prediction represents whether the email is predicted to be malicious based on the first representation and the second representation.

    DETECTING MULTI-SEGMENT MALICIOUS EMAIL ATTACKS

    Publication number: US20240333738A1

    Publication date: 2024-10-03

    Application number: US18192236

    Application date: 2023-03-29

    CPC classification number: H04L63/1425 H04L63/1416

    Abstract: A method to perform the techniques described herein includes receiving a first email from a first sender to a first receiver. The method may include determining a first maliciousness prediction that indicates a first likelihood that the first email is malicious. The method may include determining that the first maliciousness prediction fails to satisfy a maliciousness pattern associated with malicious emails. The method may include receiving a second email from the first sender to the first receiver. The method may include determining that the first email and second email were received within a threshold period of time. The method may include determining an overall maliciousness prediction that indicates an overall likelihood that the first email and second email in combination are malicious. The method may include determining that the overall maliciousness prediction satisfies the maliciousness pattern.
