US 12,113,826 B2
System and method for creating heuristic rules based on received email messages to identity business email compromise attacks
Roman A Dedenok, Moscow (RU); Nikita D. Benkovich, Moscow (RU); Dmitry S. Golubev, Moscow (RU); and Yury G. Slobodyanuk, Moscow (RU)
Assigned to AO Kaspersky Lab, Moscow (RU)
Filed by AO Kaspersky Lab, Moscow (RU)
Filed on Nov. 30, 2023, as Appl. No. 18/524,871.
Application 18/524,871 is a continuation of application No. 17/473,367, filed on Sep. 13, 2021, granted, now 11,888,891.
Claims priority of application No. 2021103256 (RU), filed on Feb. 10, 2021.
Prior Publication US 2024/0106854 A1, Mar. 28, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 18/214 (2023.01); H04L 51/08 (2022.01)
CPC H04L 63/145 (2013.01) [G06F 18/214 (2023.01); H04L 51/08 (2013.01); H04L 63/1416 (2013.01); H04L 63/1483 (2013.01)]
20 Claims
 
1. A method for creating a heuristic rule based on received email messages to identify Business Email Compromise (BEC) attacks, the method comprising:
filtering text of received email messages, using a first classifier, to extract one or more terms indicative of a BEC attack from the text of the received email messages, wherein the first classifier includes a trained recurrent neural network that includes a language model;
generating, using the first classifier, one or more n-grams based on the one or more extracted terms, wherein each of the one or more n-grams characterizes a particular extracted term;
generating, using a second classifier, a vector representation of the one or more extracted terms based on the generated one or more n-grams;
assigning a weight coefficient to each of the one or more extracted terms, wherein a higher weight coefficient indicates higher relevancy to BEC attack of the corresponding extracted term; and
generating a heuristic rule associated with the BEC attack by combining the weight coefficients of a combination of the one or more extracted terms.