Method and system for using spam e-mail honeypots to identify potential malware containing e-mails
US8549642B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jan 20, 2010 |
| Grant date | Oct 1, 2013 |
| Priority date | — |
| Expiry date | Apr 15, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1491
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method and apparatus for employing honeypot systems to identify potential malware containing messages whereby a decoy system to receive illegitimate e-mails is established. E-mails sent to the spam e-mail honeypot decoy are initially scanned/filtered and e-mails that are not considered possible malware containing e-mails are filtered out while the remaining e-mails sent to the spam e-mail honeypot decoy are identified as potential malware containing e-mails. One or more features, and/or feature values, of the identified e-mails are then identified, extracted and ranked. Once a given feature, and/or feature value, occurs more than a burst threshold number of times, the status of the given feature, and/or feature value, is transformed to that of suspicious e-mail parameter.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.