METHOD AND SYSTEM FOR DETERMINING A PROBABILITY OF ENTRY OF A COUNTERFEIT DOMAIN IN A BROWSER
First Claim
1. A method for determining a probability that a suspected domain name associated with a suspected domain, accessed using a universal resource locator (URL) entered as a character string into a browser associated with a client in a network environment, is a counterfeit of a legitimate domain name, the method comprising:
- parsing a first character string entered into the browser, the first character string associated with the suspected domain name, to identify one or more predetermined characters in the suspected domain name having a known likelihood of being deceptively substituted for a corresponding one or more legitimate characters associated with the legitimate domain name;
generating an alternate domain name by substituting at least one of the one or more predetermined characters with the corresponding one or more legitimate characters; and
attempting to resolve an alternate domain associated with the alternate domain name,wherein if the alternate domain name is successfully resolved, a non-zero probability is assigned to the suspected domain name as being the counterfeit of the legitimate domain name.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the present invention provide a method and system for determining a probability that a suspected domain name of a domain accessed using a universal resource locator (URL), which can be entered as a character string into a browser associated with a client in a net environment, is a counterfeit of a legitimate domain name. Characters in the suspected domain name can be identified as known as likely to be deceptively substituted for corresponding legitimate characters of a legitimate domain name. An alternate domain name is generated by substituting predetermined characters with the corresponding legitimate characters. An attempt can be made to resolve alternate domains of the alternate domain names. If the names are successfully resolved, a non-zero probability is assigned to the suspected domain name as being counterfeit.
-
Citations
20 Claims
-
1. A method for determining a probability that a suspected domain name associated with a suspected domain, accessed using a universal resource locator (URL) entered as a character string into a browser associated with a client in a network environment, is a counterfeit of a legitimate domain name, the method comprising:
-
parsing a first character string entered into the browser, the first character string associated with the suspected domain name, to identify one or more predetermined characters in the suspected domain name having a known likelihood of being deceptively substituted for a corresponding one or more legitimate characters associated with the legitimate domain name; generating an alternate domain name by substituting at least one of the one or more predetermined characters with the corresponding one or more legitimate characters; and attempting to resolve an alternate domain associated with the alternate domain name, wherein if the alternate domain name is successfully resolved, a non-zero probability is assigned to the suspected domain name as being the counterfeit of the legitimate domain name. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for determining a predetermined threat level of a suspected domain accessed using a universal resource locator (URL) including a suspected domain name entered as a character string into a browser associated with a client in a network environment, the threat level determined local to the client prior to access to the suspected domain, the method comprising:
-
parsing a first character string entered into the browser, the first character string associated with the suspected domain name of the suspected domain; and assigning the predetermined threat level of the suspected domain name based on a locally-executed procedure that evaluates criteria associated with the first character string, wherein the predetermined threat level corresponds to a threat that the suspected domain is a counterfeit of a legitimate domain. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A client in a computer network having a domain name server (DNS), the client interacting with domains in the computer network, the client comprising:
-
a network connection to the computer network; and a browser coupled to the network connection, the browser configured to; compare a first character string corresponding to a universal resource locator (URL) including a suspected domain name associated with a suspected domain in the computer network; determine an alternate domain associated with the suspected domain name by forming a second character string using a character substitution procedure; submit the first character string and a second character string to the DNS; and assign a first likelihood that the suspected domain is a counterfeit of an actual domain if the DNS can resolve the second character string associated with the alternate domain. - View Dependent Claims (18, 19)
-
-
20. An article of manufacture comprising:
-
a computer readable medium; and instructions contained on the medium, the instructions readable by a processor for causing the processor to; detect a universal resource locator (URL) including a suspected domain name input in a browser, the URL having a suspected alphanumeric character string identifying the input suspected domain name; generate alternative alphanumeric character strings associated with alternate domain names by substituting non-standard characters appearing in the suspected alphanumeric character string with predetermined standard characters and resolving the resulting alternative domain names to determine if any of the alternate domain names can be successfully resolved; and assign a probability that the input suspected domain name is associated with a counterfeit domain if the any of the alternate domain names can be successfully resolved.
-
Specification