Abstract: Provided herein are methods, systems, and computer program products for intelligent detection of multistage attacks which may arise in computer environments. Embodiments herein leverage adaptive graph-based machine-learning solutions that can incorporate rules as well as supervised learning for detecting multistage attacks. Multistage attacks and attack chains may be detected or identified by collecting data representing events, detections, and behaviors, determining relationships among various data, and analyzing the data and associated relationships. A graph of events, detections, and behaviors which are connected by edges representing relationships between nodes of the graph may be constructed and then subgraphs of the possibly enormous initial graph may be identified which represent likely attacks.

Abstract: The described technologies leverage a trained evaluation function to analyze an email message to determine if a password is included in the text of the email message. The text of the email message may be vectorized using a character lookup table including vector values for each ASCII character. The trained evaluation function analyzes the vectorized text to determine if a password is included in the text of the mail message. An email message found to include a password may be placed in a quarantine storage to at least temporality prevent the email message from being disseminated to a recipient.

Abstract: The described technologies leverage a trained evaluation function to analyze an email message to determine if a password is included in the text of the email message. The text of the email message may be vectorized using a character lookup table including vector values for each ASCII character. The trained evaluation function analyzes the vectorized text to determine if a password is included in the text of the mail message. An email message found to include a password may be placed in a quarantine storage to at least temporality prevent the email message from being disseminated to a recipient.

Abstract: Provided herein are methods, systems, and computer program products for intelligent detection of multistage attacks which may arise in computer environments. Embodiments herein leverage adaptive graph-based machine-learning solutions that can incorporate rules as well as supervised learning for detecting multistage attacks. Multistage attacks and attack chains may be detected or identified by collecting data representing events, detections, and behaviors, determining relationships among various data, and analyzing the data and associated relationships. A graph of events, detections, and behaviors which are connected by edges representing relationships between nodes of the graph may be constructed and then subgraphs of the possibly enormous initial graph may be identified which represent likely attacks.

Abstract: Embodiments are directed to establishing an acceptability model to determine the acceptability of a communication originating from a specified location and to evaluating the acceptability of a received communication. In one scenario, a computer system accesses a communication history for an electronic device, at least one similar user's communication history and similar locations based on geographic topology data, where the communication history includes at least one previous communication between the electronic device and a computer system. The computer system accesses an updateable listing of locations based on the geographic topology data from which communications may be received from the electronic device. The computer system then generates an acceptability model configured to provide a reachability score that indicates the acceptability of subsequent communications from the electronic device based on the communication history, the similar user's communication history and the geographic topology data.