	US 11,948,379 B2
	Systems and methods of detecting email-based attacks through machine learning
Christopher Bayan Bruss, Washington, DC (US); Stephen Fletcher, Arlington, VA (US); Lei Yu, McLean, VA (US); and Jakob Kressel, Vienna, VA (US)
Assigned to CAPITAL ONE SERVICES, LLC, McLean, VA (US)
Filed by Capital One Services, LLC, McLean, VA (US)
Filed on Oct. 12, 2020, as Appl. No. 17/068,554.
Application 17/068,554 is a continuation of application No. 16/507,743, filed on Jul. 10, 2019, granted, now 10,805,347.
Application 16/507,743 is a continuation of application No. 16/168,055, filed on Oct. 23, 2018, granted, now 10,397,272, issued on Aug. 27, 2019.
Claims priority of provisional application 62/669,660, filed on May 10, 2018.
Prior Publication US 2021/0112095 A1, Apr. 15, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); G06F 18/214 (2023.01); G06F 18/241 (2023.01); G06N 20/00 (2019.01); G06V 30/19 (2022.01); H04L 9/40 (2022.01); H04L 51/08 (2022.01); H04L 51/212 (2022.01)

CPC G06V 30/19173 (2022.01) [G06F 18/214 (2023.01); G06F 18/241 (2023.01); G06N 20/00 (2019.01); H04L 51/08 (2013.01); H04L 51/212 (2022.05); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1483 (2013.01)]

20 Claims

1. A method comprising:

receiving an email addressed to a user;

separating the email into a plurality of email components including a first link;

analyzing, using machine-learning techniques, the first link by:

virtually navigating to an end-point of the first link;

receiving any automatic download triggered by virtually navigating to the end-point; and

analyzing the automatic download;

providing the analyses of the first link to a stacked ensemble analyzer comprising a nonparametric model; and

determining, based on an output of the stacked ensemble analyzer, that the email is potentially malicious.