DETECTION AND CATEGORIZATION OF MALICIOUS URLS
First Claim
Patent Images
1. A method comprising:
- receiving a uniform resource locator (URL);
extracting features associated with the URL, the features including at least one link popularity feature of the URL;
employing, via one or more processors, a binary classification model to determine that the URL is a malicious URL based at least in part on the extracted features; and
categorizing the malicious URL as one of a benign URL, a spam URL, a phishing URL, a malware URL, or a multi-type attack URL.
3 Assignments
0 Petitions
Accused Products
Abstract
This document describes techniques for using features extracted from a URL to detect a malicious URL and categorize the malicious URL as one of a phishing URL, a spamming URL, a malware URL or a multi-type attack URL. The techniques employ one or more machine learning algorithms to train classification models using a set of training data which includes a known set of benign URLs and a known set of malicious URLs. The classification models are then employed to detect and/or categorize a malicious URL.
-
Citations
20 Claims
-
1. A method comprising:
-
receiving a uniform resource locator (URL); extracting features associated with the URL, the features including at least one link popularity feature of the URL; employing, via one or more processors, a binary classification model to determine that the URL is a malicious URL based at least in part on the extracted features; and categorizing the malicious URL as one of a benign URL, a spam URL, a phishing URL, a malware URL, or a multi-type attack URL. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system comprising:
-
one or more processors; and a memory, coupled to the one or more processors, storing executable instructions including; a link popularity feature extraction module to extract link popularity features; and a binary classification model that uses the link popularity features to classify a received uniform resource locator (URL) as a malicious URL or a benign URL. - View Dependent Claims (14, 15)
-
-
16. A method comprising:
-
receiving a uniform resource locator (URL) from a web browser or a search engine; extracting one or more link popularity features associated with the URL; employing one or more classification models to determine whether the URL is a malicious URL based on the one or more link popularity features; and providing, via a computing device, a notification when the URL is a malicious URL. - View Dependent Claims (17, 18, 19, 20)
-
Specification