
WO2020081027A1 - Cyber security system - Google Patents


Info

Publication number
WO2020081027A1
Authority
WO
WIPO (PCT)
Prior art keywords
mail
users
harmful
mails
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/TR2019/050188
Other languages
French (fr)
Inventor
Recep DOĞAN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/212 Monitoring or handling of messages using filtering or selective blocking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a cyber security system which aims to prevent users and institutions from being hacked via harmful e-mails. The two main components of the system are the application, formed as an add-in to the users' mailboxes so that the mails received by users can be analyzed, and the interface, which enables the cyber security team of the institution to check the e-mail information received by the users.

Description

CYBER SECURITY SYSTEM
TECHNICAL FIELD
The invention relates to a cyber security system which aims to prevent users and institutions from being hacked via harmful e-mails.
KNOWN STATE OF THE ART
Nowadays institutions carry out studies to raise the awareness of employees by training them against harmful e-mails and by sending them phishing e-mails which do not contain harmful content. The method presently applied depends on the awareness of users against phishing attacks. In this case, when harmful e-mails slip the attention of users, institutions cannot avoid phishing attacks. Therefore it is impossible to automatically prevent or detect phishing attacks.
BRIEF DESCRIPTION OF THE INVENTION
The present invention has been developed in order to eliminate the disadvantages mentioned above and relates to a cyber security system intended to provide new advantages to the related technical field. This system shall be referred to as OLTA.
The aim of the invention is to detect phishing e-mails by means of the OLTA application without depending on the awareness levels of users.
Another aim of the invention is to help even users who know nothing about cyber security, by detecting harmful e-mails without relying on the user's awareness, informing users of them instantly through OLTA, and taking the necessary action to eliminate such e-mails.
Another aim of the invention is to allow automatic security checks of e-mails received by users instead of manual checking, and to determine whether a received e-mail is harmful or not by using artificial intelligence trained on mail samples that have been used in real phishing attacks.
DETAILED DESCRIPTION OF THE INVENTION
The novelty of the invention has been described with examples that shall not limit the scope of the invention and which are intended only to clarify the subject matter of the invention.
The cyber security system subject to the invention is basically formed of 2 components. These components are the Application, formed as an add-in to the users' mailboxes so that the mails received by users can be analyzed, and the Interface, which enables the cyber security team of the institution to check the e-mail information received by the users. OLTA, the subject of the invention, enables the following:
• Warning users automatically against phishing attacks,
• Detecting harmful e-mails using an artificial intelligence algorithm that has been trained using e-mails from real phishing attacks in the past,
• Checking if the user has previously received an e-mail from the sender address that has sent the e-mail within a certain period of time,
• Sending the phishing e-mail to the interface via the Application if the user notices the phishing e-mail,
• Querying the information of e-mails belonging to the users on the interface (sender, country, IP, query of attachments and links),
• Creating rules on the interface and identifying potentially compromised e-mail accounts on the Interface,
• Entering and identifying indicators of previously used phishing attacks in the Interface and checking whether similar attacks have been carried out in an institution using OLTA,
• Cyber Security analysis of previously used phishing attack examples,
• Carrying out test phishing attacks in order to increase the awareness of users, using exemplary templates.
Artificial Intelligence Algorithm
In order for the artificial intelligence to produce successful results, the features used for training the artificial intelligence need to be highly determinative.
Features that are established as the result of artificial intelligence
These features are derived from the e-mails that have been received. Whether the e-mail is harmful or not is determined by providing these features to the artificial intelligence algorithm (example: feed-forward backpropagation algorithm, etc.).
The Interface provides processes such as managing information related to e-mails sent to employees of an institution over a single interface, enabling the cyber security staff of institutions to carry out quick queries with the interface, which is to be built on big data applications, and to rapidly acquire information regarding harmful e-mails, and carrying out procedures such as rule creation, application management and the definition of sample phishing scenarios in order to increase the awareness of users against phishing attacks.
The security teams that are using the application can create rules according to their needs. A few examples have been given below.
Example 1: Create a warning if 10 users have received suspicious e-mails in 5 minutes.
Example 2: Create a warning if 1 user has received 10 suspicious e-mails in 30 days.
Example 3: Create a warning if a suspicious e-mail is received at an e-mail address that is externally disclosed.
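The three example rules above can be evaluated as sliding-window correlations over the stream of suspicious-e-mail reports that the Application submits. The following is an added sketch, not code from the patent; the event shape `(timestamp, recipient)`, the rule names and the `DISCLOSED` set are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed list of addresses treated as "externally disclosed" (Example 3).
DISCLOSED = {"info@example.org"}

def evaluate(events, disclosed=DISCLOSED):
    """events: time-ordered (timestamp, recipient) pairs, one per e-mail the
    Application already marked suspicious. Returns (timestamp, rule, detail)."""
    alerts = []
    recent = deque()                # all events of the last 5 minutes
    per_user = defaultdict(deque)   # recipient -> timestamps of the last 30 days
    burst_open, users_open = False, set()
    for ts, rcpt in events:
        # Example 1: 10 distinct users within 5 minutes.
        recent.append((ts, rcpt))
        while ts - recent[0][0] > timedelta(minutes=5):
            recent.popleft()
        distinct = len({r for _, r in recent})
        if distinct >= 10 and not burst_open:
            alerts.append((ts, "many-users-5min", distinct))
        burst_open = distinct >= 10   # alert once per burst, not per e-mail

        # Example 2: one user, 10 suspicious e-mails within 30 days.
        mine = per_user[rcpt]
        mine.append(ts)
        while ts - mine[0] > timedelta(days=30):
            mine.popleft()
        if len(mine) >= 10 and rcpt not in users_open:
            alerts.append((ts, "one-user-30d", rcpt))
            users_open.add(rcpt)
        elif len(mine) < 10:
            users_open.discard(rcpt)

        # Example 3: any suspicious e-mail to an externally disclosed address.
        if rcpt in disclosed:
            alerts.append((ts, "disclosed-address", rcpt))
    return alerts

def sample_events():
    """Constructed event stream (not real data)."""
    base = datetime(2019, 3, 25, 9, 0, 0)
    events = [(base + timedelta(seconds=20 * i), f"u{i}@example.org") for i in range(10)]
    events += [(base + timedelta(days=d), "u0@example.org") for d in range(1, 10)]
    events.append((base + timedelta(days=10), "info@example.org"))
    return events

if __name__ == "__main__":
    for ts, rule, detail in evaluate(sample_events()):
        print(ts.isoformat(), rule, detail)
```

Counting distinct recipients rather than raw e-mails in the first rule keeps one user who receives ten copies from triggering the multi-user warning.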
The process of entering definitions can be regarded as a blacklist. The link, the attachment and information such as the sender's e-mail address found inside the harmful e-mail shall be added to the blacklist on the interface of the application.
The application submits the related information regarding the e-mails to the interface. Thereby an institution which has hundreds of users is able to observe the information belonging to e-mails which may be harmful from a single point on the interface, rather than observing said information from the mailbox of each user.
The operation method of OLTA, which is a cyber security system according to the information described above, is characterized by the following:
• The automatic commencement of operation of the Application if an e-mail is received from outside the institution to users who have already installed the Application component which is formed as an add-in to the mail box of the users in order to analyze the e-mail received by users,
• Automatic examination of the e-mail received by the user, according to the header of the e-mail, the subject of the e-mail, the sender of the e-mail, the contents of the e-mail, the files attached to the e-mail and the links found inside the e-mail,
• Creating features which form the result of the artificial intelligence and which are used in order to understand if the e-mail is harmful or not by means of the information obtained as a result of the analysis,
• Determining if the e-mail is harmful or not by the submission of the features obtained from the e-mail to the trained artificial intelligence on the application
• Creating rules by correlating data submitted from the Application in order to create alerts on the interface, in accordance with the requirement of security team of the institution,
• Creating a warning via the Application on the mailbox, for the users according to the result of the artificial intelligence and the rules to be created,
• Taking actions regarding harmful e-mails,
• Submitting information of the mail received by the users to the Interface in order for said information to be checked by the security team of the institution if the users have clicked on the warning,
• Submitting of suspicious e-mails in order for them to be checked by the security team of the institution by clicking on the button on the application in the case that users are suspicious of such e-mails that were not detected to be harmful by the artificial intelligence,
• Carrying out queries, reporting, creating of rules, entering of definitions and performing Security analysis regarding the e-mail information submitted by the user
• Taking actions regarding said e-mails.
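The examination and feature-creation steps listed above can be illustrated with a small extractor over the header, sender, links and attachments of one message. This is an added example, not code from the patent: the patent does not enumerate its features, so the five features, the `RISKY_EXT` list and the `seen_senders` history set are assumptions, and the message is constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".js", ".scr", ".docm", ".iso")   # assumed extension list

class _Links(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def _domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def extract_features(raw, seen_senders):
    """raw: RFC 5322 text; seen_senders: addresses seen in the look-back period."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg["From"] or "")[1].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = _Links()
    parser.feed(body.get_content() if body else "")
    # Link text that itself looks like a host but differs from the real target.
    mismatched = [h for h, t in parser.links
                  if "." in t and " " not in t and _host(t) and _host(t) != _host(h)]
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    return {
        "first_time_sender": sender not in seen_senders,
        "reply_to_differs": bool(msg["Reply-To"])
                            and _domain(msg["Reply-To"]) != _domain(msg["From"]),
        "link_count": len(parser.links),
        "link_text_mismatch": len(mismatched),
        "risky_attachment": any(n.endswith(RISKY_EXT) for n in names),
    }

def sample_message():
    """Constructed message (not a real sample)."""
    m = EmailMessage()
    m["From"] = "IT Support <helpdesk@mail.example.net>"
    m["Reply-To"] = "helpdesk@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Password expiry"
    m.set_content("Plain text fallback")
    m.add_alternative('<p>Sign in at <a href="http://login.example.net/reset">'
                      'portal.example.org</a></p>', subtype="html")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.docm")
    return m.as_string()
```

The resulting dictionary is the kind of feature vector that would then be passed to the trained classifier; the classifier itself is outside this example.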

Claims

CLAIMS
1. A cyber security system which aims to prevent users and institutions from being hacked via harmful e-mails, characterized by comprising:
• An Interface which has been formed in order to provide the management of information belonging to the e-mails that may be harmful and the management of information from a single point instead of the mail box of each user, which enables the determination of users whose e-mail accounts have been compromised, the detection if e-mail is harmful or not according to result of artificial intelligence, the enquiry of e-mail information of users, and creation of rules, which analyzes the previous phishing attacks and which enables to control e-mail information submitted to the users by the security team of the institution,
• Application means formed as an add-in to the mail box of users in order to analyze the mail received by the users, which provides a warning on the mail box to the users according to the rules to be created and the result obtained by artificial intelligence and which enables to determine if the e-mail is harmful or not as a result of submitting the features obtained from the e-mail to the trained artificial intelligence, and which allows the e-mail to be submitted to the interface if the users notice a harmful e-mail.
2. An operation method of the cyber security system characterized by comprising the following process steps;
• Automatically analysing the e-mail, if an e-mail is received externally from outside the institution by users who have installed the Application component,
• generating features which form the result of the artificial intelligence and which are used in order to detect if the e-mail is harmful or not by means of the information obtained as a result of the examination,
• Determining if the e-mail is harmful or not according to the trained artificial intelligence using features on the Application,
• Creating rules by correlating data submitted from the Application in order to create alerts on the interface, in accordance with the requirement of security team of the institution,
• Creating a warning via the Application on the mailbox, for the users according to the result of the artificial intelligence and the rules to be created,
• Taking action regarding harmful e-mails,
• Submitting information of the mail received by the users to the Interface in order for said information to be checked by the security team of the institution if the users have clicked on the warning,
• Submitting of suspicious e-mails in order for them to be checked by the security team of the institution by clicking on the button on the application in the case that users are suspicious of such e-mails that were not detected to be harmful by the artificial intelligence,
• Carrying out queries, reporting, creating of rules, entering of definitions and performing Security analysis regarding the e-mail information submitted by the user
• Taking actions regarding said e-mails.
PCT/TR2019/050188 2018-10-18 2019-03-25 Cyber security system Ceased WO2020081027A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR201815508 2018-10-18
TR2018/15508 2018-10-18

Publications (1)

Publication Number Publication Date
WO2020081027A1 WO2020081027A1 (en) 2020-04-23

Family

ID=70283306

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2019/050188 Ceased WO2020081027A1 (en) 2018-10-18 2019-03-25 Cyber security system

Country Status (1)

Country Link
WO (1) WO2020081027A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060101120A1 (en) * 2004-11-10 2006-05-11 David Helsper Email anti-phishing inspector
US20070192855A1 (en) * 2006-01-18 2007-08-16 Microsoft Corporation Finding phishing sites
US20140298460A1 (en) * 2013-03-26 2014-10-02 Microsoft Corporation Malicious uniform resource locator detection
US9154514B1 (en) * 2012-11-05 2015-10-06 Astra Identity, Inc. Systems and methods for electronic message analysis
US20150365369A1 (en) * 2005-03-03 2015-12-17 Iconix, Inc. User interface for email inbox to call attention differently to different classes of email
US20160057167A1 (en) * 2014-08-21 2016-02-25 Salesforce.Com, Inc. Phishing and threat detection and prevention
US10187407B1 (en) * 2013-02-08 2019-01-22 Cofense Inc. Collaborative phishing attack detection

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19873497

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19873497

Country of ref document: EP

Kind code of ref document: A1