Methods for preventing cyber intrusions and phishing activity
First Claim
1. A system for mitigating attacks on a computer network, the system comprising:
- a web interface configured to receive target domain name input;
- a remote computing server that is configured to generate phishing domain names and that comprises one or more computer processors and a memory storing computer-executable instructions that when executed by the one or more computer processors perform the steps of:
  - receiving the target domain input, wherein the target domain input comprises a domain name associated with a target entity or target entity data that is useable to generate a plurality of phishing attack domain names;
  - using the target domain name input to create a plurality of phishing attack domain names, wherein creating the plurality of phishing attack domain names includes:
    - identifying a plurality of domain name transformation operations that operate to transform the domain name associated with the target entity to one or more attack domain names;
    - selecting one or more of the identified domain name transformation operations based on features of the domain name; and
    - applying the selected domain name transformation operations to the domain name;
  - generating a phishing value for each of the plurality of phishing attack domain names, wherein generating the phishing value includes calculating a likelihood a user would succumb to a phishing attack using a respective phishing attack domain name of the plurality of phishing attack domain names;
  - setting a phishing value threshold indicating a minimum likelihood of implementing the phishing attack with a created phishing attack domain name;
  - dynamically changing the phishing value threshold based on a number of phishing attack domain names created;
  - calculating a visual similarity score for each of the plurality of phishing attack domain names, wherein the visual similarity score indicates a level of resemblance between the target domain name and a phishing attack domain name of the plurality of phishing attack domain names;
  - selecting a subset of the plurality of phishing attack domain names based on the phishing value threshold and the visual similarity;
  - implementing one or more computer security protocols that mitigate the likelihood or the probability that the plurality of phishing attack domain names are used in the phishing campaign against the computer network, wherein implementing the one or more computer security protocols includes:
    - generating one or more e-mail validation policies that restrict e-mail activity from the subset of the plurality of phishing attack domain names to one or more networked devices of the computer network;
    - updating a security certificate for each of the phishing attack domain names in the subset; and
    - managing access to each of the phishing attack domain names based on the security certificate.
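A defender-side sketch of the pipeline recited in the claim, from transformation selection through to the e-mail policy, added here as an example and not taken from the patent. The three transformations, the scoring heuristic, the threshold rule and the rule-record format are all assumptions, since the claim names none of them; the certificate steps are left out.

```python
from difflib import SequenceMatcher

# Assumed look-alike pairs; the claim does not name specific transformations.
CONFUSABLE = {"o": "0", "l": "1", "m": "rn", "w": "vv"}

def homoglyphs(s):
    return {s[:i] + CONFUSABLE[c] + s[i + 1:] for i, c in enumerate(s) if c in CONFUSABLE}
def transpositions(s):
    return {s[:i] + s[i + 1] + s[i] + s[i + 2:] for i in range(len(s) - 1) if s[i] != s[i + 1]}
def omissions(s):
    return {s[:i] + s[i + 1:] for i in range(len(s))}

# Each operation is paired with the label feature that makes it worth applying.
OPERATIONS = [
    (homoglyphs, lambda s: any(c in CONFUSABLE for c in s)),
    (transpositions, lambda s: len(s) >= 4),
    (omissions, lambda s: len(s) >= 6),
]

def candidates(domain):
    label, _, tld = domain.partition(".")
    found = set().union(*(op(label) for op, suits in OPERATIONS if suits(label)))
    return sorted(f"{c}.{tld}" for c in found - {label})

def visual_similarity(target, cand):
    def fold(s):  # map look-alike glyphs back to the plain letter before comparing
        for plain, fake in CONFUSABLE.items():
            s = s.replace(fake, plain)
        return s
    return SequenceMatcher(None, fold(target), fold(cand)).ratio()

def phishing_value(target, cand):
    # Assumed stand-in for "likelihood a user would succumb": discount a changed first character.
    sim = visual_similarity(target, cand)
    return sim if cand[0] == target[0] else 0.8 * sim

def dynamic_threshold(count, base=0.85, step=0.005, cap=0.95):
    # Assumed rule: the more candidates were generated, the stricter the cut.
    return min(cap, base + step * count)

def select_watchlist(target):
    pool = candidates(target)
    cut = dynamic_threshold(len(pool))
    kept = [c for c in pool if phishing_value(target, c) >= cut]
    return sorted(kept, key=lambda c: (-visual_similarity(target, c), c))

def email_policy(subset):
    # Product-neutral rule records: refuse inbound mail from look-alike sender domains.
    return [{"sender_domain": d, "action": "reject"} for d in subset]

if __name__ == "__main__": print(email_policy(select_watchlist("example.com")))
```

For the constructed target `example.com`, the 15 generated candidates raise the cut to 0.925, so the transposed variants drop out while the glyph-swapped and most single-omission variants stay on the watchlist.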
Abstract
Systems and methods for mitigating cyber intrusions includes: receiving target domain input, wherein the target domain input comprises a domain name associated with a target entity or target entity data that is useable to generate phishing attack domain names; using the target domain name input to generate the phishing attack domain names, wherein the phishing attack domain names include a plurality of domain names each having a phishing value comprising a likelihood or a probability of being used in a phishing campaign against the digital resources, where the likelihood or the probability satisfies a predetermined phishing value threshold; arranging the phishing attack domain names in a hierarchical order; and implementing one or more digital resources security protocols that mitigates the likelihood or the probability that selected domain names of the phishing attack domain names may be used in the phishing campaign against the digital resources.
20 Claims
8. A method for preventing a cyber intrusion of digital resources of a target entity, the method comprising:
- at a web computing server:
  - receiving target domain input, wherein the target domain input comprises a domain name associated with a target entity or target entity data that is useable to create a plurality of phishing attack domain names;
  - using the target domain name input to create the plurality of phishing attack domain names, wherein creating the plurality of phishing attack domain names includes:
    - identifying a plurality of domain name transformation operations that operate to transform the domain name associated with the target entity to one or more attack domain names;
    - selecting one or more of the identified domain name transformation operations based on features of the domain name; and
    - applying the selected domain name transformation operations to the domain name;
  - generating a phishing value for each of the plurality of phishing attack domain names, wherein generating the phishing value includes calculating a likelihood a user would succumb to a phishing attack using a respective phishing attack domain name of the plurality of phishing attack domain names;
  - setting a phishing value threshold indicating a minimum likelihood of implementing the phishing attack with a created phishing attack domain name;
  - dynamically changing the phishing value threshold based on a number of phishing attack domain names created;
  - calculating a visual similarity score for each of the plurality of phishing attack domain names, wherein the visual similarity score indicates a level of resemblance between the target domain name and a phishing attack domain name of the plurality of phishing attack domain names;
  - selecting a subset of the plurality of phishing attack domain names based on the phishing value threshold and the visual similarity;
  - implementing one or more digital resources security protocols that mitigates the likelihood or the probability that selected domain names of the plurality of phishing attack domain names may be used in the phishing campaign against the digital resources, wherein implementing the one or more computer security protocols includes:
    - generating one or more e-mail validation policies that restrict e-mail activity from the subset of the plurality of phishing attack domain names to one or more networked devices of the computer network;
    - updating a security certificate for each of the phishing attack domain names in the subset; and
    - managing access to each of the phishing attack domain names based on the security certificate.
Specification