System and method for detecting phishing webpages
First Claim
1. A processor controlled hybrid method for blocking identifying a phishing webpage, the method comprising:
- capturing overall visual information and overall structural information about a webpage being browsed by a user, wherein capturing overall visual information includes capturing repeated snapshot images of the webpage;
comparing the overall visual information and the overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in a webpage database;
calculating a measure of similarity;
assessing the measure on the basis of a pre-determined threshold; and
concluding the measure of similarity is above the pre-determined threshold thereby identifying a phishing webpage;
and blocking the phishing webpage, thereby blocking the phishing webpage.
3 Assignments
0 Petitions
Accused Products
Abstract
A processor controlled hybrid method, an apparatus and a computer readable storage medium for identifying a phishing webpage are provided. The method comprises capturing overall visual information and overall structural information about a webpage being browsed by a user, comparing the overall visual information and overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in a webpage database, calculating a measure of similarity, assessing the measure on the basis of a pre-determined threshold and concluding the measure of similarity is above the pre-determined threshold, thereby identifying a phishing webpage. The method may also provide for collecting and comparing visual information and, optionally, structural information.
-
Citations
19 Claims
-
1. A processor controlled hybrid method for blocking identifying a phishing webpage, the method comprising:
-
capturing overall visual information and overall structural information about a webpage being browsed by a user, wherein capturing overall visual information includes capturing repeated snapshot images of the webpage; comparing the overall visual information and the overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in a webpage database; calculating a measure of similarity; assessing the measure on the basis of a pre-determined threshold; and concluding the measure of similarity is above the pre-determined threshold thereby identifying a phishing webpage; and blocking the phishing webpage, thereby blocking the phishing webpage. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A processor controlled hybrid method for blocking a phishing webpage, the method comprising:
-
scanning a priority list received from a priority crawling engine; capturing overall visual information and overall structural information about a webpage being browsed by a user, wherein capturing overall visual information includes capturing an instant preview image and repeated snapshot images of the webpage; comparing the overall visual information and the overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in a webpage database; generating combined information with a combined information generator; calculating a measure of similarity; assessing the measure on the basis of a pre-determined threshold; concluding the measure of similarity is above the pre-determined threshold; identifying a phishing webpage; and blocking the phishing webpage, thereby blocking the phishing webpage. - View Dependent Claims (14)
-
-
15. A processor driven hybrid method for blocking a phishing webpage, the method comprising:
-
developing and maintaining a webpage database, the webpage database comprising at least one of legitimate webpages, suspect webpages and phishing webpages; capturing visual information and structural information about a webpage being browsed by a user; comparing the visual information and the structural information of the webpage with visual information and structural information of the webpages in the webpage database;
wherein capturing overall visual information includes capturing an instant preview image and repeated snapshot images of the webpage;comparing the overall visual information and the overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in the webpage database; generating combined information with a combined information generator; calculating a measure of similarity; assessing the measure on the basis of a pre-determined threshold; concluding the measure of similarity is above the pre-determined threshold; and instructing a module to block the phishing webpage thereby blocking the phishing webpage. - View Dependent Claims (16, 17, 18, 19)
-
Specification