ANTI-CONTENT SPOOFING (ACS)

US 20080289047A1
Filed: 05/14/2007
Published: 11/20/2008
Est. Priority Date: 05/14/2007
Status: Active Grant

First Claim

Patent Images

1. An anti-content spoofing system, comprising:

a learning component that determines a list of one or more web pages to be recorded and records information associated with the one or more web pages; and

a checking component that compares a browsed webpage to the one or more recorded web pages and determines if the browsed webpage is a spoof based on the comparison of information associated with the web pages, the information includes at least a fingerprint of the web pages.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system to prevent content spoofing by detecting phishing attacks is provided. The system checks each webpage visited by a user and determines if the page is legitimate. To determine if a page is legitimate, the system employs fingerprints to check how similar the browsed page is with respect to an original page. If the similarity between browsed page and the original page is found to be more than a preset threshold, then the browsed page is considered to be a spoofed page. Access to the spoofed page is then either denied and/or an alarm is triggered.

Citations

20 Claims

1. An anti-content spoofing system, comprising:
- a learning component that determines a list of one or more web pages to be recorded and records information associated with the one or more web pages; and
  
  a checking component that compares a browsed webpage to the one or more recorded web pages and determines if the browsed webpage is a spoof based on the comparison of information associated with the web pages, the information includes at least a fingerprint of the web pages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, further comprising:
    - a traffic analyzing component that selects the one or more web pages to be recorded from traffic across a network; and
      
      a page recording component that records the information associated with the selected one or more web pages.
  - 3. The system of claim 2, further comprising:
    - a fingerprint extracting component that determines the fingerprint of the selected one or more web pages; and
      
      a database that stores the fingerprint along with information associated with each of the selected one or more web pages.
  - 4. The system of claim 3, wherein the information associated with the selected one or more web pages includes at least one of a URL (Uniform Resource Locator), name, or IP (Internet protocol) address.
  - 5. The system of claim 2, wherein the one or more web pages are selected based on at least one of a pre-learned database, a user input or dynamic analysis of the traffic.
  - 6. The system of claim 5, further comprising:
    - a URL (Uniform Resource Locator) scanning component that scans a URL of each of the selected one or more web pages to determine factors relating to a user'"'"'s personal information; and
      
      a risk calculating component that calculates a risk factor based at least in part on the factors scanned, the risk factor is compared to a threshold to determine if the information associated with the selected one or more web pages should be recorded.
  - 7. The system of claim 6, wherein the information associated with the selected one or more web pages is recorded if the risk factor is greater than a threshold.
  - 8. The system of claim 1, further comprising:
    - a monitoring component that monitors a plurality of web page browsed by a user;
      
      a fingerprint computing component that calculates the fingerprint of each of the browsed web page;
      
      a comparison component that calculates if the similarity between the browsed page and the one or more web pages is greater than a determined threshold to determine if the browsed web page is a spoof, andan output component that triggers an alarm if the browsed web page is determined to be a spoof.
  - 9. The system of claim 8, wherein the comparison component compares at least one of a URL (Uniform Resource Locator), name or IP (Internet Protocol) address of the browsed web page and a disparate web page wherein the similarity between the browsed page and the disparate web page is greater than the determined threshold.
  - 10. The system of claim 9, wherein the comparison component further determines that the browsed page is spoofed if the at least one of a URL (Uniform Resource Locator), name or IP (Internet Protocol) address of the browsed page and the web page are different.
  - 11. The system of claim 10, wherein the comparison component further determines that the browsed page is legitimate if the at least one of a URL (Uniform Resource Locator), name or IP (Internet Protocol) address of the browsed page and the disparate web page are the same.
  - 12. The system of claim 8, wherein the comparison component determines the browsed page is legitimate if the similarity between the browsed page and the one or more web pages is less than the determined threshold.
  - 13. The system of claim 8, wherein the output component denies access to the browsed page if the browsed page is determined to be spoofed.

14. A method of detecting content spoofing, comprising:
- determining a set of one or more web pages to be recorded;
  
  recording information associated with the set of one or more web pages, the information including at least a fingerprint of the set of one or more web pages;
  
  monitoring a web page browsed by a user;
  
  generating information associated with the browsed web page, the information including at least a fingerprint of the browsed web page; and
  
  comparing the information associated with the browsed web page to that of the set of one or more web pages to determine if the browsed web page is spoofed.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, further comprising determining the set of one or more web pages by at least one of a user input, a pre-learned database or dynamically determining one or more web pages based on calculation of a risk factor.
  - 16. The method of claim 14, further comprising automatically determining the set of one or more web pages to be recorded by employing an artificial intelligence based scheme.
  - 17. The method of claim 14, further comprising:
    - determining similarity between the browsed web page and each of the set of one or more web pages;
      
      determining a query web page from the set of one or more web pages that is similar to the browsed web page greater than a threshold;
      
      comparing at least one of the URL (Uniform Resource Locator), name or IP (Internet Protocol) address of the browsed page with the query page; and
      
      determining if the browsed page is spoofed based on the comparison.

18. A system that dynamically detects content spoofing, comprising:
- means for determining a set of one or more web pages to be recorded;
  
  means for recording information associated with the set of one or more web pages, the information including at least a fingerprint of each of the set of one or more web pages;
  
  means for dynamically generating information associated with a web page browsed by a user, the information including at least a fingerprint of the browsed web page;
  
  means for comparing the information associated with the browsed web page to that of the set of one or more web pages; and
  
  means for determining if the browsed webpage is spoofed based on the comparison.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, further comprising:
    - means for automatically determining the set of one or more web pages to be recorded based on an analysis of web pages browsed by a user.
  - 20. The system of claim 18, further comprising:
    - means for comparing at least one of a URL (Uniform Resource Locator), name or IP (Internet Protocol) address of the browsed page and a query page from the set of one or more web pages, the query page is similar to the browsed webpage by a value greater than a threshold;
      
      means for determining if the browsed page is spoofed if the at least one of a URL (Uniform Resource Locator), name or IP (Internet Protocol) address of the browsed page and the query page are not the same; and
      
      means for at least one of, denying access to the browsed page, or triggering an alarm, if the browsed page is spoofed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Varanasi, Ravi, Mihailovici, Virgil, Benea, Robert, Puri, Avneet Kaur

Granted Patent

US 8,205,255 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 63/0876   based on the identity of th...

H04L 63/1483   service impersonation, e.g....

ANTI-CONTENT SPOOFING (ACS)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ANTI-CONTENT SPOOFING (ACS)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links