PHISH PROBABILITY SCORING MODEL
Abstract
In general, embodiments of the invention relate to systems, methods, and computer program products for determining the probability that a given website is conducting or is related to fraudulent activity, including phishing activity. More particularly, embodiments of the invention relate to automatically monitoring and scoring URLs for fraudulent activity by parsing keywords, combinations of keywords, and other relevant data from an input communication, such as an email, and analyzing the data obtained against a database containing a plurality of grading factors.
20 Claims
1. A system comprising:
a processor for execution of a threat detection application for determining the probability that a website link is associated with fraudulent activity;
a communication device associated with the processor for receiving a website link; and
a database associated with the processor, the database comprising:
a plurality of different keyword combinations that have been identified in previously received website links; and
for each of the different keyword combinations, a total number of instances a website link containing the respective keyword combination has been received by the system and a number of instances a website link containing the respective keyword combination was associated with fraudulent activity;
wherein the threat detection application executed by the processor is configured to:
review each website link received by the system to identify which of the keyword combinations is included in the website link; and
calculate a threat score for each website link based on the total number of instances a website link containing the same keyword combination has been received by the system and the number of instances a website link containing the same keyword combination was associated with fraudulent activity.
11. A method comprising:
storing in a database the following information:
a plurality of different keyword combinations that have been identified in previously received website links; and
for each of the different keyword combinations, a total number of instances a website link containing the respective keyword combination has been received by the system and a number of instances a website link containing the respective keyword combination was associated with fraudulent activity;
using a processor to access the database and execute a threat detection application for determining the probability that a website link is associated with fraudulent activity;
wherein the threat detection application executed by the processor is configured to:
review each website link received by the system to identify which of the keyword combinations is included in the website link; and
calculate a threat score for each website link based on the total number of instances a website link containing the same keyword combination has been received by the system and the number of instances a website link containing the same keyword combination was associated with fraudulent activity.
20. A computer program product for determining the probability that a website link is associated with fraudulent activity, the computer program product comprising a computer-readable medium having computer-executable instructions embodied therein, said computer-executable instructions comprising:
first instructions configured to store in a database a plurality of different keyword combinations that have been identified in previously received website links;
second instructions configured to store in the database, for each of the different keyword combinations, a total number of instances a website link containing the respective keyword combination has been received by the system and a number of instances a website link containing the respective keyword combination was associated with fraudulent activity;
third instructions configured to receive from a client device a website link in question;
fourth instructions configured to identify which of the keyword combinations is included in the website link in question; and
fifth instructions configured to determine the probability that the website link in question is associated with fraudulent activity by dividing the total number of instances a website link has been stored in the database having the same keyword combination identified in the website link in question by the number of instances a website link has been stored in the database having the same keyword combination and being associated with fraudulent activity.
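The counting scheme recited in the claims, worked through as an added example (not code from the patent or its assignee). The keyword list, the tokenisation, the sample links and the names `ComboStore`, `extract_combo` and `build_store` are assumptions, and the score is computed as the fraud count divided by the total count, an assumed reading; claim 20 as worded divides the total by the fraud count.

```python
import re
from urllib.parse import urlsplit

# Constructed keyword watch-list (assumption; the claims name no keywords).
KEYWORDS = {"login", "secure", "account", "verify", "update", "bank"}

def extract_combo(url):
    """Return the set of watched keywords found in host, path and query."""
    parts = urlsplit(url.lower())
    text = " ".join((parts.netloc, parts.path, parts.query))
    return frozenset(t for t in re.split(r"[^a-z0-9]+", text) if t in KEYWORDS)

class ComboStore:
    """Maps keyword combination -> [links received, links tied to fraud]."""
    def __init__(self):
        self.counts = {}

    def record(self, url, fraudulent):
        entry = self.counts.setdefault(extract_combo(url), [0, 0])
        entry[0] += 1
        entry[1] += int(fraudulent)

    def score(self, url):
        """Fraud share for the link's combination, or None with no history."""
        combo = extract_combo(url)
        total, fraud = self.counts.get(combo, (0, 0))
        # Assumed formula: fraud / total. No history means "unknown", not 0.
        return combo, (fraud / total if total else None)

# Constructed history of (link, verdict); example.test is a reserved name.
HISTORY = [
    ("http://secure-login.example.test/verify", True),
    ("http://login.example.test/secure/verify?id=1", True),
    ("https://example.test/verify/secure/login", False),
    ("https://bank.example.test/login", False),
    ("https://example.test/login?next=bank", False),
]

def build_store(history):
    store = ComboStore()
    for url, fraudulent in history:
        store.record(url, fraudulent)
    return store

if __name__ == "__main__":
    store = build_store(HISTORY)
    for link in ("http://verify.example.test/secure?login=1",
                 "https://example.test/account/update"):
        combo, score = store.score(link)
        print(sorted(combo), score)
```

A combination with no stored history returns `None` rather than 0, so an unseen combination is reported as unknown instead of being treated as safe.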
Specification