Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.

Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.

Abstract: A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determine a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.

Abstract: A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determine a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.

Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.

Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.