Abstract: A method for identification of malicious domains is provided. The method extracts a set of domain information from one or more input streams. The set of domain information includes a set of domains and a set of domain characteristics describing each domain. The method clusters the set of domains to generate a set of campaign clusters of related domains. The clusters are based on the set of domain characteristics. The method modifies the set of campaign clusters with a set of threat intelligence ratings to generate a set of enriched campaign clusters. A portion of the set of threat intelligence ratings correspond to one or more domains within the set of campaign clusters. The method determines a cluster designation for each campaign cluster of the set of enriched campaign clusters and distributes the cluster designations for each campaign cluster to one or more threat intelligence resource.

Abstract: A method for identification of malicious domains is provided. The method extracts a set of domain information from one or more input streams. The set of domain information includes a set of domains and a set of domain characteristics describing each domain. The method clusters the set of domains to generate a set of campaign clusters of related domains. The clusters are based on the set of domain characteristics. The method modifies the set of campaign clusters with a set of threat intelligence ratings to generate a set of enriched campaign clusters. A portion of the set of threat intelligence ratings correspond to one or more domains within the set of campaign clusters. The method determines a cluster designation for each campaign cluster of the set of enriched campaign clusters and distributes the cluster designations for each campaign cluster to one or more threat intelligence resource.

Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.

Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.

Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.

Abstract: A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determine a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.

Abstract: A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determine a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.

Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.

Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.

Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.

Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.

Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.

Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.

Abstract: The invention provides for a computer-implemented method for detecting one or more archive images matching a search image, each matching archive image being a derivative of the search image or being an original image the search image was derived from accessing a plurality of the archive images. For each of said archive images, a respective archive image histogram may be calculated, wherein each archive image histogram includes a plurality of combination micro-feature values. The archive image histogram may be stored to a database.

Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.

Abstract: The invention provides for a computer-implemented method for detecting one or more archive images matching a search image, each matching archive image being a derivative of the search image or being an original image the search image was derived from accessing a plurality of the archive images. For each of said archive images, a respective archive image histogram may be calculated, wherein each archive image histogram includes a plurality of combination micro-feature values. The archive image histogram may be stored to a database.

Abstract: A method of generating a fingerprint of a bit sequence includes determining a relative occurrence frequency of each bit combination of a set of bit combinations in the bit sequence, wherein the set of bit combinations comprises all possible non-redundant sub-sequences of bits having at least one bit and at most a preset maximal number of bits. The method further includes determining for each bit combination of the set of bit combinations a difference value between the relative occurrence frequency of the bit combination and a random occurrence frequency, the random occurrence frequency relating to the expected random occurrence of the bit combination in the bit sequence. Moreover, the method includes allocating a set of bins, each bin of the set of bins being associated with a predetermined interval of difference values, each bin further relating to a bin value.

Abstract: A spam detection system can monitor incoming and outgoing email messages and prevent email messages from being delivered. This spam detection system incorporates a sender ranking system that maintains prior sender's email addresses and an associated reliability value in a database. If an email message is categorized as spam, the system searches to see if the sender is located in the database. If the sender is located in the database and their reliability value is above a certain threshold, the sender's reliability value is decreased and the email message is treated as not spam. If the sender is not located in the database, the email message is discarded as spam. If an email message is not categorized as spam, prior users located in the database will have their reliability values increased, while new users will be entered into the database at a default level.

Abstract: A method of generating a fingerprint of a bit sequence includes determining a relative occurrence frequency of each bit combination of a set of bit combinations in the bit sequence, wherein the set of bit combinations comprises all possible non-redundant sub-sequences of bits having at least one bit and at most a preset maximal number of bits. The method further includes determining for each bit combination of the set of bit combinations a difference value between the relative occurrence frequency of the bit combination and a random occurrence frequency, the random occurrence frequency relating to the expected random occurrence of the bit combination in the bit sequence. Moreover, the method includes allocating a set of bins, each bin of the set of bins being associated with a predetermined interval of difference values, each bin further relating to a bin value.

Abstract: A spam detection system can monitor incoming and outgoing email messages and prevent email messages from being delivered. This spam detection system incorporates a sender ranking system that maintains prior sender's email addresses and an associated reliability value in a database. If an email message is categorized as spam, the system searches to see if the sender is located in the database. If the sender is located in the database and their reliability value is above a certain threshold, the sender's reliability value is decreased and the email message is treated as not spam. If the sender is not located in the database, the email message is discarded as spam. If an email message is not categorized as spam, prior users located in the database will have their reliability values increased, while new users will be entered into the database at a default level.