Automatically verifying that anti-phishing URL signatures do not fire on legitimate web sites

US 7,831,611 B2
Filed: 09/28/2007
Issued: 11/09/2010
Est. Priority Date: 09/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a computer system for detecting false positives among a plurality of search patterns of web sites that include illegitimate content comprising:

accessing a first page of a legitimate web site;

obtaining all links included in the first page;

for each link included in the first page that points to a page on the web site, determining whether the link matches at least one of the plurality of search patterns;

for each link that matches the search pattern, indicating that the search pattern is a false positive; and

for each link that points to a page on the web site, recursively;

accessing a page pointed to by the link;

obtaining all links in the page;

for each link included in the page that points to a page on the web site, determining whether the link matches at least one of the plurality of search patterns; and

for each link that matches the search pattern, indicating that the search pattern is a false positive;

wherein each search pattern is a regular expression.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer program product prevent false positives from occurring by reducing or preventing legitimate web site content from triggering matches to phishing black lists, but provides time and cost savings over manual review of black lists. A method implemented in a computer system for detecting false positives among a plurality of search patterns of web sites that include illegitimate content comprises accessing a first page of a legitimate web site, obtaining all links included in the first page, for each link included in the first page that points to a page on the web site, determining whether the link matches at least one of the plurality of search patterns, and for each link that matches the search pattern, indicating that the search pattern is a false positive.

82 Citations

View as Search Results

19 Claims

1. A method implemented in a computer system for detecting false positives among a plurality of search patterns of web sites that include illegitimate content comprising:
- accessing a first page of a legitimate web site;
  
  obtaining all links included in the first page;
  
  for each link included in the first page that points to a page on the web site, determining whether the link matches at least one of the plurality of search patterns;
  
  for each link that matches the search pattern, indicating that the search pattern is a false positive; and
  
  for each link that points to a page on the web site, recursively;
  
  accessing a page pointed to by the link;
  
  obtaining all links in the page;
  
  for each link included in the page that points to a page on the web site, determining whether the link matches at least one of the plurality of search patterns; and
  
  for each link that matches the search pattern, indicating that the search pattern is a false positive;
  
  wherein each search pattern is a regular expression.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the search pattern is included in a list of web sites that include illegitimate content.
  - 3. The method of claim 2, wherein each search pattern is a regular expression.
  - 4. The method of claim 3, wherein a search pattern that is a false positive is indicated by including the search pattern in a list of false positives.
  - 5. The method of claim 3, wherein a search pattern that is a false positive is indicated in the list of web sites that include illegitimate content.
  - 6. The method of claim 1, wherein the search pattern is included in a list of web sites that include illegitimate content.
  - 7. The method of claim 1, wherein a search pattern that is a false positive is indicated by including the search pattern in a list of false positives.
  - 8. The method of claim 1, wherein a search pattern that is a false positive is indicated in the list of web sites that include illegitimate content.
  - 9. The method of claim 1, wherein the recursion is performed to a predefined maximum depth.
  - 10. The method of claim 2, wherein each search pattern that is indicated as a false positive is listed for a later revision of the list.

11. A computer program product for detecting false positives among a plurality of search patterns of web sites that include illegitimate content comprising:
- a computer readable storage medium;
  
  computer program instructions, recorded on the computer readable storage medium, executable by a processor, for performing the steps of;
  
  accessing a first page of a web site;
  
  obtaining all links included in the first page;
  
  for each link pointing to a page on the web site, determining whether the link matches at least one search pattern;
  
  for each link that matches the search pattern, indicating that the search pattern is a false positive; and
  
  for each link that points to a page on the web site, recursively;
  
  accessing a page pointed to by the link;
  
  obtaining all links in the page;
  
  for each link included in the page that points to a page on the web site, determining whether the link matches at least one of the plurality of search patterns; and
  
  for each link that matches the search pattern, indicating that the search pattern is a false positive;
  
  wherein each search pattern is a regular expression.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer program product of claim 11, wherein the search pattern is included in a list of web sites that include illegitimate content.
  - 13. The computer program product of claim 12, wherein each search pattern is a regular expression.
  - 14. The computer program product of claim 13, wherein a search pattern that is a false positive is indicated by including the search pattern in a list of false positives.
  - 15. The computer program product of claim 13, wherein a search pattern that is a false positive is indicated in the list of web sites that include illegitimate content.
  - 16. The computer program product of claim 11, wherein the search pattern is included in a list of web sites that include illegitimate content.
  - 17. The computer program product of claim 11, wherein a search pattern that is a false positive is indicated by including the search pattern in a list of false positives.
  - 18. The computer program product of claim 11, wherein a search pattern that is a false positive is indicated in the list of web sites that include illegitimate content.
  - 19. The computer program product of claim 11, wherein the recursion is performed to a predefined maximum depth.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sargent, John, Barton, Chris, Engelken, Dallas, Roberts, Guy, Kelly, Nick
Primary Examiner(s)
Lee; Wilson

Application Number

US11/905,330
Publication Number

US 20090089287A1
Time in Patent Office

1,138 Days
Field of Search

707709-720, 707781-789, 707769-774, 705/26, 705/37, 705/40, 705/44, 726/1, 726/7, 726/8, 726/24, 709219-225, 379/201.01, 379/201.05
US Class Current

707/773
CPC Class Codes

G06F 16/9535 Search customisation based ...

Automatically verifying that anti-phishing URL signatures do not fire on legitimate web sites

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Automatically verifying that anti-phishing URL signatures do not fire on legitimate web sites

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links