Finding phishing sites
First Claim
1. In a computing environment, a method comprising:
- processing data from at least one data source related to phishing sites; and
using a predictive model to determine whether a site is likely to be a phishing site.
2 Assignments
0 Petitions
Accused Products
Abstract
Described is a technology by which phishing-related data sources are processed into aggregated data and a given site evaluated the aggregated data using a predictive model to automatically determine whether the given site is likely to be a phishing site. The predictive model may be built using machine learning based on training data, e.g., including known phishing sites and/or known non-phishing sites. To determine whether an object corresponding to a site is likely a phishing-related object are described, various criteria are evaluated, including one or more features of the object when evaluated. The determination is output in some way, e.g., made available to a reputation service, used to block access to a site or warn a user before allowing access, and/or used to assist a hand grader in being more efficient in evaluating sites.
191 Citations
20 Claims
-
1. In a computing environment, a method comprising:
-
processing data from at least one data source related to phishing sites; and
using a predictive model to determine whether a site is likely to be a phishing site. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. In a computing environment, a system comprising:
-
means for converting phishing-related source data into aggregated data; and
means for determining whether an object corresponding to a site is likely a phishing-related object based on one or more features determined from the aggregated data. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. At least one computer-readable medium having computer-executable instructions, which when executed perform steps, comprising:
-
aggregating phishing-related data from a plurality of sources including at least one source corresponding to an email service and at least one source corresponding to an internet access service; and
predicting whether a site is likely to be a phishing site based on features of the site when evaluated against the aggregated data. - View Dependent Claims (19, 20)
-
Specification