SYSTEMS AND METHODS FOR DETECTING MALICIOUS MOBILE WEBPAGES
First Claim
Patent Images
1. A method comprising:
- receiving a request to evaluate an electronic document, the request including location information associated with the electronic document;
responsive to receiving the request, determining an electronic document accessed based on the received location information;
responsive to determining the accessed electronic document, extracting one or more static mobile-specific features from the accessed electronic document, the static mobile-specific features including an indication of at least one of mobile-specific application programming interface (API) calls and mobile-specific files hosted at a domain associated with the accessed electronic document, anddetermining, by a processor and based on the extracted static mobile-specific features, a likelihood of the accessed electronic document being malicious.
3 Assignments
0 Petitions
Accused Products
Abstract
The disclosed technology includes techniques for identifying malicious mobile electronic documents, e.g., webpages or emails, based on static document features. The static features may include mobile-specific features, such as mobile web API calls, hosted mobile-specific binaries, noscript content, or misleading URL tokens visible on a mobile-specific interface. The static features may instead or also include various JavaScript (JS) features, HTML features, and URL features detected in numbers outside ranges expected for desktop electronic documents. These features may be used with machine learning techniques to classify benign and malicious documents in real time.
69 Citations
20 Claims
-
1. A method comprising:
-
receiving a request to evaluate an electronic document, the request including location information associated with the electronic document; responsive to receiving the request, determining an electronic document accessed based on the received location information; responsive to determining the accessed electronic document, extracting one or more static mobile-specific features from the accessed electronic document, the static mobile-specific features including an indication of at least one of mobile-specific application programming interface (API) calls and mobile-specific files hosted at a domain associated with the accessed electronic document, and determining, by a processor and based on the extracted static mobile-specific features, a likelihood of the accessed electronic document being malicious. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A non-transitory computer-readable medium that stores instructions that, when executed by at least one processor, causes the at least one processor to perform a method comprising:
-
receiving, from a client computer, a request to evaluate a webpage, the request including URL and browser information; responsive to receiving the request, determining a webpage accessed based on the received URL and browser information; responsive to determining that the accessed webpage is a mobile webpage, extracting one or more static mobile-specific features from the accessed webpage, the static mobile-specific features including an indication of at least one of misleading words located within a predetermined number of characters of a beginning of the URL and an indication of noscript content associated with the webpage; determining, by the at least one processor and based on the extracted static mobile-specific features, a likelihood of the accessed webpage being malicious; and sending, to the client computer, an indication of the likelihood of the accessed webpage being malicious. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A system comprising:
-
at least one memory operatively coupled to at least one processor and configured for storing data and instructions that, when executed by the at least one processor, cause the system to; receive, from a browser, a request for a webpage, the request including URL information; responsive to receiving the request, determine that a webpage accessed based on the URL information is a mobile webpage; responsive to determining that the accessed webpage is a mobile webpage, extract one or more static mobile-specific features from the accessed webpage, the static mobile-specific features including an indication of at least one of; mobile-specific application programming interface (API) calls, mobile-specific files hosted at a domain associated with the accessed webpage, misleading words located within a predetermined number of characters of a beginning of the URL, and noscript content associated with the accessed webpage; and determine, by the at least one processor and based on the extracted static mobile-specific features, the accessed webpage is malicious. - View Dependent Claims (17, 18, 19, 20)
-
Specification