Invention Grant
US09565209B1 Detecting electronic messaging threats by using metric trees and similarity hashes
有权
通过使用度量树和相似度散列来检测电子消息威胁
- Patent Title: Detecting electronic messaging threats by using metric trees and similarity hashes
- Patent Title (中): 通过使用度量树和相似度散列来检测电子消息威胁
-
Application No.: US14675545Application Date: 2015-03-31
-
Publication No.: US09565209B1Publication Date: 2017-02-07
- Inventor: Slawomir Grzonkowski , Alejandro Mosquera Lopez , Dylan Morss , Lamine Aouad
- Applicant: Symantec Corporation
- Applicant Address: US CA Mountain View
- Assignee: Symantec Corporation
- Current Assignee: Symantec Corporation
- Current Assignee Address: US CA Mountain View
- Agency: Patent Law Works LLP
- Main IPC: H04L29/06
- IPC: H04L29/06 ; H04L12/58 ; G06F17/30 ; G06F21/56
Abstract:
Each node of a metric tree comprises a similarity hash of a member of a dataset of known message threats, calculated using a given similarity hashing algorithm. The nodes are organized into the tree, positioned such that the differences between the similarity hashes are represented as distances between the nodes. Messages are received and tested to determine whether they are malicious. When a message is received, a similarity hash of the message is calculated using the same similarity hashing algorithm that is used to calculate the hashes of the members of the dataset. The tree is searched for a hash of a known message threat that is within a threshold of distance to the hash of the received message. Searching the tree can take the form of traversal from the root node, to determine whether the tree contains a node within the similarity threshold.
Information query
