Patents by Inventor Mark Usher
Mark Usher has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11689548Abstract: A method for identification of malicious domains is provided. The method extracts a set of domain information from one or more input streams. The set of domain information includes a set of domains and a set of domain characteristics describing each domain. The method clusters the set of domains to generate a set of campaign clusters of related domains. The clusters are based on the set of domain characteristics. The method modifies the set of campaign clusters with a set of threat intelligence ratings to generate a set of enriched campaign clusters. A portion of the set of threat intelligence ratings correspond to one or more domains within the set of campaign clusters. The method determines a cluster designation for each campaign cluster of the set of enriched campaign clusters and distributes the cluster designations for each campaign cluster to one or more threat intelligence resource.Type: GrantFiled: July 11, 2019Date of Patent: June 27, 2023Assignee: International Business Machines CorporationInventors: Mark Usher, Johannes Noll, Uwe Küllmar, Dirk Harz, Marc Noske
-
Publication number: 20210014252Abstract: A method for identification of malicious domains is provided. The method extracts a set of domain information from one or more input streams. The set of domain information includes a set of domains and a set of domain characteristics describing each domain. The method clusters the set of domains to generate a set of campaign clusters of related domains. The clusters are based on the set of domain characteristics. The method modifies the set of campaign clusters with a set of threat intelligence ratings to generate a set of enriched campaign clusters. A portion of the set of threat intelligence ratings correspond to one or more domains within the set of campaign clusters. The method determines a cluster designation for each campaign cluster of the set of enriched campaign clusters and distributes the cluster designations for each campaign cluster to one or more threat intelligence resource.Type: ApplicationFiled: July 11, 2019Publication date: January 14, 2021Inventors: Mark Usher, Johannes Noll, Uwe Küllmar, Dirk Harz, Marc Noske
-
Patent number: 10810176Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.Type: GrantFiled: April 28, 2015Date of Patent: October 20, 2020Assignee: International Business Machines CorporationInventors: Astrid Granacher, Dirk Harz, Juergen Kader, Johannes Noll, Mark Usher
-
Patent number: 10764353Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.Type: GrantFiled: October 18, 2018Date of Patent: September 1, 2020Assignee: International Business Machines CorporationInventors: Dirk Harz, Ralf Iffert, Mark Keinhoerster, Mark Usher
-
Patent number: 10706032Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.Type: GrantFiled: June 3, 2015Date of Patent: July 7, 2020Assignee: International Business Machines CorporationInventors: Astrid Granacher, Dirk Harz, Juergen Kader, Johannes Noll, Mark Usher
-
Patent number: 10686807Abstract: A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determine a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.Type: GrantFiled: June 12, 2018Date of Patent: June 16, 2020Assignee: International Business Machines CorporationInventors: Gideon Zenz, Volker Vogeley, Dirk Harz, Mark Usher, Astrid Granacher
-
Publication number: 20190379677Abstract: A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determine a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.Type: ApplicationFiled: June 12, 2018Publication date: December 12, 2019Inventors: Gideon Zenz, Volker Vogeley, Dirk Harz, Mark Usher, Astrid Granacher
-
Publication number: 20190052694Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.Type: ApplicationFiled: October 18, 2018Publication date: February 14, 2019Inventors: Dirk Harz, Ralf Iffert, Mark Keinhoerster, Mark Usher
-
Patent number: 10110658Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.Type: GrantFiled: June 3, 2015Date of Patent: October 23, 2018Assignee: International Business Machines CorporationInventors: Dirk Harz, Ralf Iffert, Mark Keinhoerster, Mark Usher
-
Patent number: 9565236Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.Type: GrantFiled: December 4, 2013Date of Patent: February 7, 2017Assignee: International Business Machines CorporationInventors: Dirk Harz, Ralf Iffert, Mark Keinhoerster, Mark Usher
-
Publication number: 20160321254Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.Type: ApplicationFiled: April 28, 2015Publication date: November 3, 2016Inventors: Astrid Granacher, Dirk Harz, Juergen Kader, Johannes Noll, Mark Usher
-
Publication number: 20160321255Abstract: According to one exemplary embodiment, a method for detecting unsolicited bulk emails (UBE) is provided. The method may include receiving an email. The method may also include identifying a uniform resource locator (URL) contained in the received email. The method may then include dividing the identified URL into a plurality of component parts. The method may further include generating a tree structure based on the plurality of component parts. The method may also include generating an input string based on the generated tree structure. The method may then include calculating a hash value based on the generated input string. The method may further include determining if the calculated hash value matches a UBE hash value within a plurality of UBE hash values. The method may also include identifying the received email as a UBE based on determining that the calculated hash value matches the UBE hash value.Type: ApplicationFiled: June 3, 2015Publication date: November 3, 2016Inventors: Astrid Granacher, Dirk Harz, Juergen Kader, Johannes Noll, Mark Usher
-
Publication number: 20150264107Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.Type: ApplicationFiled: June 3, 2015Publication date: September 17, 2015Inventors: Dirk Harz, Ralf Iffert, Mark Keinhoerster, Mark Usher
-
Patent number: 8879837Abstract: The invention provides for a computer-implemented method for detecting one or more archive images matching a search image, each matching archive image being a derivative of the search image or being an original image the search image was derived from accessing a plurality of the archive images. For each of said archive images, a respective archive image histogram may be calculated, wherein each archive image histogram includes a plurality of combination micro-feature values. The archive image histogram may be stored to a database.Type: GrantFiled: June 26, 2012Date of Patent: November 4, 2014Assignee: International Business Machines CorporationInventor: Mark Usher
-
Publication number: 20140201113Abstract: A mechanism is provided for automatic genre determination of web content. For each type of web content genre, a set of relevant feature types are extracted from collected training material, where genre features and non-genre features are represented by tokens and an integer counts represents a frequency of appearance of the token in both a first type of training material and a second type of training material. In a classification process, fixed length tokens are extracted for relevant features types from different text and structural elements of web content. For each relevant feature type, a corresponding feature probability is calculated. The feature probabilities are combined to an overall genre probability that the web content belongs to a specific trained web content genre. A genre classification result is then output comprising at least one specific trained web content genre to which the web content belongs together with a corresponding genre probability.Type: ApplicationFiled: December 4, 2013Publication date: July 17, 2014Applicant: International Business Machines CorporationInventors: Dirk Harz, Ralf Iffert, Mark Keinhoerster, Mark Usher
-
Publication number: 20120328189Abstract: The invention provides for a computer-implemented method for detecting one or more archive images matching a search image, each matching archive image being a derivative of the search image or being an original image the search image was derived from accessing a plurality of the archive images. For each of said archive images, a respective archive image histogram may be calculated, wherein each archive image histogram includes a plurality of combination micro-feature values. The archive image histogram may be stored to a database.Type: ApplicationFiled: June 26, 2012Publication date: December 27, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventor: Mark Usher
-
Patent number: 8086675Abstract: A method of generating a fingerprint of a bit sequence includes determining a relative occurrence frequency of each bit combination of a set of bit combinations in the bit sequence, wherein the set of bit combinations comprises all possible non-redundant sub-sequences of bits having at least one bit and at most a preset maximal number of bits. The method further includes determining for each bit combination of the set of bit combinations a difference value between the relative occurrence frequency of the bit combination and a random occurrence frequency, the random occurrence frequency relating to the expected random occurrence of the bit combination in the bit sequence. Moreover, the method includes allocating a set of bins, each bin of the set of bins being associated with a predetermined interval of difference values, each bin further relating to a bin value.Type: GrantFiled: May 13, 2008Date of Patent: December 27, 2011Assignee: International Business Machines CorporationInventor: Mark Usher
-
Patent number: 7552186Abstract: A spam detection system can monitor incoming and outgoing email messages and prevent email messages from being delivered. This spam detection system incorporates a sender ranking system that maintains prior sender's email addresses and an associated reliability value in a database. If an email message is categorized as spam, the system searches to see if the sender is located in the database. If the sender is located in the database and their reliability value is above a certain threshold, the sender's reliability value is decreased and the email message is treated as not spam. If the sender is not located in the database, the email message is discarded as spam. If an email message is not categorized as spam, prior users located in the database will have their reliability values increased, while new users will be entered into the database at a default level.Type: GrantFiled: June 10, 2005Date of Patent: June 23, 2009Assignee: International Business Machines CorporationInventors: Carsten Werner, Mark Usher
-
Publication number: 20090030994Abstract: A method of generating a fingerprint of a bit sequence includes determining a relative occurrence frequency of each bit combination of a set of bit combinations in the bit sequence, wherein the set of bit combinations comprises all possible non-redundant sub-sequences of bits having at least one bit and at most a preset maximal number of bits. The method further includes determining for each bit combination of the set of bit combinations a difference value between the relative occurrence frequency of the bit combination and a random occurrence frequency, the random occurrence frequency relating to the expected random occurrence of the bit combination in the bit sequence. Moreover, the method includes allocating a set of bins, each bin of the set of bins being associated with a predetermined interval of difference values, each bin further relating to a bin value.Type: ApplicationFiled: May 13, 2008Publication date: January 29, 2009Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION (IBM)Inventor: Mark Usher
-
Publication number: 20060031373Abstract: A spam detection system can monitor incoming and outgoing email messages and prevent email messages from being delivered. This spam detection system incorporates a sender ranking system that maintains prior sender's email addresses and an associated reliability value in a database. If an email message is categorized as spam, the system searches to see if the sender is located in the database. If the sender is located in the database and their reliability value is above a certain threshold, the sender's reliability value is decreased and the email message is treated as not spam. If the sender is not located in the database, the email message is discarded as spam. If an email message is not categorized as spam, prior users located in the database will have their reliability values increased, while new users will be entered into the database at a default level.Type: ApplicationFiled: June 10, 2005Publication date: February 9, 2006Applicant: Internet Security Systems, Inc.Inventors: Carsten Werner, Mark Usher