US 12,231,463 B2
Content-based socially-engineered threat classifier
Cameron Michael Schmauch, Los Gatos, CA (US); and Chaitanya Puchakayala, San Jose, CA (US)
Assigned to PROOFPOINT, INC., Sunnyvale, CA (US)
Filed by Proofpoint, Inc., Sunnyvale, CA (US)
Filed on Mar. 11, 2022, as Appl. No. 17/693,157.
Prior Publication US 2023/0291764 A1, Sep. 14, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 40/211 (2020.01)
CPC H04L 63/1483 (2013.01) [G06F 40/211 (2020.01); H04L 63/1416 (2013.01)]
20 Claims
 
1. A system for identification of threats in input content, the system comprising:
a processor;
a non-transitory computer-readable medium; and
stored instructions translatable by the processor to:
storing, in a feature syntax language (FSL) statement database, statements that define a plurality of functions, each function adapted to generate a corresponding feature responsive to detecting corresponding text in a content item;
receiving, by a core object generator, an input content item;
applying, by the core object generator, the functions stored in the FSL statement database to the input content item;
generating, by the core object generator, a set of features resulting from application of the functions stored in the FSL statement database to the input content item, the set of features corresponding to the input content item;
generating, by the core object generator, a core object containing the set of features corresponding to the input content item;
receiving, by a classifier engine, the core object from the core object generator;
retrieving, by the classifier engine, one or more rules from a rules database;
applying, by the classifier engine, the one or more rules to the received core object and thereby providing real-time identification of threats corresponding to the core object according to the applied one or more rules;
receiving, by a user interface coupled to the FSL statement database and the rules database, user input to modify the statements in the FSL statement database and the rules in the rules database, the system using the modified statements and rules in real-time;
storing one or more named sets, each named set containing a set of alternative terms, the one or more named sets being included in at least one of: statements in the FSL statement database, and the rules in the rules database.
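
The pipeline recited in claim 1, sketched as an added example; it is not code from the patent or from Proofpoint. The page does not show FSL syntax, so regex patterns with `{set_name}` placeholders stand in for FSL statements, and every name, term and rule below is a constructed assumption.

```python
import re

# Named sets: each name maps to a set of alternative terms (constructed values).
NAMED_SETS = {
    "urgency": ["urgent", "immediately", "asap"],
    "payment": ["wire transfer", "gift card", "invoice"],
}

# Hypothetical stand-in for FSL statements: feature name -> pattern, where
# {set_name} expands to the alternatives held in the named set of that name.
STATEMENTS = {
    "has_urgency": r"\b{urgency}\b",
    "has_payment_request": r"\b{payment}\b",
    "asks_secrecy": r"\b(?:keep this|do not tell|confidential)\b",
}

# Rules: threat label -> features that must all be present in the core object.
RULES = {
    "bec_payment_fraud": {"has_urgency", "has_payment_request"},
    "secrecy_pressure": {"asks_secrecy", "has_urgency"},
}

# Constructed sample content item.
SAMPLE = "Urgent: please send the wire transfer today and keep this between us."

def compile_statement(pattern, named_sets):
    """Expand {name} references into an alternation of escaped terms."""
    def expand(match):
        terms = named_sets[match.group(1)]
        return "(?:" + "|".join(re.escape(t) for t in terms) + ")"
    return re.compile(re.sub(r"\{([A-Za-z_]\w*)\}", expand, pattern), re.IGNORECASE)

def build_core_object(text, statements, named_sets):
    """Apply every statement to the content item and collect emitted features."""
    features = {}
    for name, pattern in statements.items():
        regex = compile_statement(pattern, named_sets)
        hits = [m.group(0) for m in regex.finditer(text)]
        if hits:  # a feature is generated only when its text is detected
            features[name] = hits
    return {"features": features}

def classify(core_object, rules):
    """Return the labels of rules whose required features are all present."""
    present = set(core_object["features"])
    return sorted(label for label, needed in rules.items() if needed <= present)
```

Because statements, named sets and rules are read on each call, an edit to any of them applies to the next content item, which mirrors the claim's real-time modification step.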