	US 12,255,915 B2
	Programmatic discovery, retrieval, and analysis of communications to identify abnormal communication activity
Sanjay Jeyakumar, Berkeley, CA (US); Jeshua Alexis Bratman, Brooklyn, NY (US); Dmitry Chechik, San Carlos, CA (US); Abhijit Bagri, Oakland, CA (US); Evan James Reiser, San Francisco, CA (US); Sanny Xiao Yang Liao, San Francisco, CA (US); Yu Zhou Lee, San Francisco, CA (US); Carlos Daniel Gasperi, New York, NY (US); Kevin Lau, Long Island, NY (US); Kai Jing Jiang, San Francisco, CA (US); Su Li Debbie Tan, San Mateo, CA (US); Jeremy Kao, Corona, CA (US); and Cheng-Lin Yeh, Menlo Park, CA (US)
Assigned to Abnormal Security Corporation, Las Vegas, NV (US)
Filed by Abnormal Security Corporation, San Francisco, CA (US)
Filed on Jun. 7, 2021, as Appl. No. 17/341,200.
Application 17/341,200 is a continuation of application No. 16/927,478, filed on Jul. 13, 2020, granted, now 11,032,312.
Application 16/927,478 is a continuation in part of application No. PCT/US2019/067279, filed on Dec. 18, 2019.
Application PCT/US2019/067279 is a continuation in part of application No. 16/672,854, filed on Nov. 4, 2019, granted, now 11,824,870.
Claims priority of provisional application 62/813,603, filed on Mar. 4, 2019.
Claims priority of provisional application 62/807,888, filed on Feb. 20, 2019.
Claims priority of provisional application 62/782,158, filed on Dec. 19, 2018.
Prior Publication US 2021/0297444 A1, Sep. 23, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); G06F 16/901 (2019.01); G06Q 10/107 (2023.01); H04L 9/40 (2022.01); H04L 41/16 (2022.01); H04L 51/212 (2022.01)

CPC H04L 63/1441 (2013.01) [G06F 16/9017 (2019.01); G06Q 10/107 (2013.01); H04L 41/16 (2013.01); H04L 51/212 (2022.05); H04L 63/1425 (2013.01); H04L 63/20 (2013.01)]

24 Claims

1. A method comprising:

acquiring an email addressed to an employee of an enterprise;

applying multiple machine learning (ML) models to the email to identify linguistic features that are indicative of content, sentiment, or tone of the email, wherein each ML model is able to detect linguistic features of a different type, such that the multiple ML models are able to collectively surface information regarding a goal of the email;

determining that the email poses a first type of threat included in a plurality of types of potentially posed threats, based at least in part on the linguistic features identified by the multiple ML models; and

causing display of a visualization component that indicates how a determination of the first type of threat was made on an interface, including by indicating a type of the first type of threat, and a plurality of reasons supporting the determination, wherein the plurality of reasons includes, for a specific reason included in the plurality of reasons, a visually displayed metric comparing specific content included in the email with respect to content of other emails that provides a numerical explanation of the completed determination of the first type of threat for the specific email.