System and method for detecting phishing webpages

US 9,621,566 B2
Filed: 05/23/2014
Issued: 04/11/2017
Est. Priority Date: 05/31/2013
Status: Active Grant

First Claim

Patent Images

1. A processor controlled hybrid method for blocking identifying a phishing webpage, the method comprising:

capturing overall visual information and overall structural information about a webpage being browsed by a user, wherein capturing overall visual information includes capturing repeated snapshot images of the webpage;

comparing the overall visual information and the overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in a webpage database;

calculating a measure of similarity;

assessing the measure on the basis of a pre-determined threshold; and

concluding the measure of similarity is above the pre-determined threshold thereby identifying a phishing webpage;

and blocking the phishing webpage, thereby blocking the phishing webpage.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor controlled hybrid method, an apparatus and a computer readable storage medium for identifying a phishing webpage are provided. The method comprises capturing overall visual information and overall structural information about a webpage being browsed by a user, comparing the overall visual information and overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in a webpage database, calculating a measure of similarity, assessing the measure on the basis of a pre-determined threshold and concluding the measure of similarity is above the pre-determined threshold, thereby identifying a phishing webpage. The method may also provide for collecting and comparing visual information and, optionally, structural information.

Citations

19 Claims

1. A processor controlled hybrid method for blocking identifying a phishing webpage, the method comprising:
- capturing overall visual information and overall structural information about a webpage being browsed by a user, wherein capturing overall visual information includes capturing repeated snapshot images of the webpage;
  
  comparing the overall visual information and the overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in a webpage database;
  
  calculating a measure of similarity;
  
  assessing the measure on the basis of a pre-determined threshold; and
  
  concluding the measure of similarity is above the pre-determined threshold thereby identifying a phishing webpage;
  
  and blocking the phishing webpage, thereby blocking the phishing webpage.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising scanning a priority list received from a priority crawling engine.
  - 3. The method of claim 2, further comprising compiling, storing and updating the webpage database with a record for each webpage, each record comprising the overall visual information, the overall structural information, a Hypertext Transfer Protocol response of the webpage, and a tag record identification.
  - 4. The method of claim 3, further comprising compiling, storing and updating the priority list.
  - 5. The method of claim 4, wherein capturing overall visual information comprises:
    - rendering the webpage with a pre-defined fixed resolution to provide a rendered webpage;
      
      customizing the rendered webpage into a pre-defined fixed format to provide a customized webpage; and
      
      taking repeated snapshot images snapshot of the customized webpage.
  - 6. The method of claim 5, wherein capturing overall structural information comprises extracting a source code of the webpage to provide an extracted source code.
  - 7. The method of claim 6, further comprising representing the extracted source code in as a scalar or a vector or a combination thereof.
  - 8. The method of claim 7, further comprising generating hybrid information.
  - 9. The method of claim 8, wherein capturing overall visual information includes capturing an instant preview image.
  - 10. The method of claim 9, wherein capturing overall structural information includes capturing a source code structure format.
  - 11. The method of claim 10, wherein the source code is hypertext markup language.
  - 12. The method of claim 11, further comprising generating combined information with a combined information generator.

13. A processor controlled hybrid method for blocking a phishing webpage, the method comprising:
- scanning a priority list received from a priority crawling engine;
  
  capturing overall visual information and overall structural information about a webpage being browsed by a user, wherein capturing overall visual information includes capturing an instant preview image and repeated snapshot images of the webpage;
  
  comparing the overall visual information and the overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in a webpage database;
  
  generating combined information with a combined information generator;
  
  calculating a measure of similarity;
  
  assessing the measure on the basis of a pre-determined threshold;
  
  concluding the measure of similarity is above the pre-determined threshold;
  
  identifying a phishing webpage;
  
  and blocking the phishing webpage, thereby blocking the phishing webpage.
- View Dependent Claims (14)
- - 14. The method of claim 13, further comprising compiling, storing and updating the priority list.

15. A processor driven hybrid method for blocking a phishing webpage, the method comprising:
- developing and maintaining a webpage database, the webpage database comprising at least one of legitimate webpages, suspect webpages and phishing webpages;
  
  capturing visual information and structural information about a webpage being browsed by a user;
  
  comparing the visual information and the structural information of the webpage with visual information and structural information of the webpages in the webpage database;
  
  wherein capturing overall visual information includes capturing an instant preview image and repeated snapshot images of the webpage;
  
  comparing the overall visual information and the overall structural information of the webpage with overall visual information and overall structural information of a legitimate webpage or a phishing webpage stored in the webpage database;
  
  generating combined information with a combined information generator;
  
  calculating a measure of similarity;
  
  assessing the measure on the basis of a pre-determined threshold;
  
  concluding the measure of similarity is above the pre-determined threshold; and
  
  instructing a module to block the phishing webpage thereby blocking the phishing webpage.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein developing and maintaining the webpage database comprises:
    - automatically scanning the Internet for webpages;
      
      capturing the visual information and the structural information about the webpages; and
      
      storing the information about the webpages in the webpage database.
  - 17. The method of claim 16, further comprising:
    - tagging a visited webpage with a unique identifier; and
      
      storing the unique identifier in the webpage database.
  - 18. The method of claim 17, wherein the unique identifier is contained within an e-mail.
  - 19. The method of claim 18, wherein the unique identifier is contained within a cache of a web browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ADI Labs Incorporated
Original Assignee
ADI Labs Incorporated
Inventors
Gupta, Deepak Srinivasa, Tanbeer, Syed Khairuzzaman, Mohandas, Radesh
Primary Examiner(s)
Mehedi, Morshed

Application Number

US14/286,853
Publication Number

US 20140359760A1
Time in Patent Office

1,054 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1483   service impersonation, e.g....

H04L 67/02   based on web technology, e....

System and method for detecting phishing webpages

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for detecting phishing webpages

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links