What technology area does this patent fall under?

Primary CPC classification H04L63/1483. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Dec 13 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Method of detecting potential phishing by analyzing universal resource locators

US9521165B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9521165-B2
Application number	US-201514728286-A
Country	US
Kind code	B2
Filing date	Jun 2, 2015
Priority date	Jun 5, 2009
Publication date	Dec 13, 2016
Grant date	Dec 13, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method for detecting potential phishing URLs includes extracting a URL from a document, analyzing the URL context, and comparing the URL to stored trusted URLs and stored known phishing URLs. The URL context includes anchor text and surrounding content associated with the URL. The method further includes generating a phishing alert based on the comparing and the analyzing.

First claim

Opening claim text (preview).

What is claimed is: 1. A system comprising: a memory that stores instructions; a processor that executes the instructions to perform operations, the operations comprising: determining an encoded distance between a first character of a hostname of a universal resource locator and a next character of the hostname of the universal resource locator, wherein the encoded distance is an integral distance between the first character and the next character in a machine encoding; determining if the encoded distance exceeds a first threshold value; adding the encoded distance to a hostname distance if the encoded distance is determined to not exceed the first threshold value, wherein the hostname distance is a sum of encoded distances between consecutive pairs of characters of the hostname; and transmitting a first notification that indicates that the universal resource locator is associated with phishing if the hostname distance is determined to exceed a threshold hostname distance value. 2. The system of claim 1 , wherein the operations further comprise transmitting a second notification that indicates that the universal resource locator is associated with phishing if the encoded distance is determined to exceed the first threshold value. 3. The system of claim 1 , wherein the operations further comprise determining if the hostname distance exceeds the threshold hostname distance value. 4. The system of claim 1 , wherein the operations further comprise enabling access to the universal resource locator if the hostname distance is determined to not exceed the threshold hostname distance value. 5. The system of claim 1 , wherein the operations further comprise calculating a word value for a first word in the universal resource locator. 6. The system of claim 5 , wherein the operations further comprise identifying a second word from a white list that is similar to the first word in the universal resource locator. 7. The system of claim 6 , wherein the operations further comprise determining an edit distance between the first word and the second word. 8. The system of claim 7 , wherein the operations further comprise determining the edit distance by determining a number of changes required to change the first word into the second word. 9. The system of claim 6 , wherein the operations further comprise determining if the edit distance is below a second threshold value. 10. The system of claim 9 , wherein the operations further comprise transmitting an alert if the edit distance is below the second threshold value. 11. A method comprising: calculating an encoded distance between a first character of a hostname of a universal resource locator and a next character of the hostname of the universal resource locator, wherein the encoded distance is an integral distance between the first character and the next character in a machine encoding; determining, by utilizing instructions from memory that are executed by a processor, if the encoded distance exceeds a first threshold value; adding the encoded distance to a hostname distance if the encoded distance is determined to not exceed the first threshold value, wherein the hostname distance is a sum of encoded distances between consecutive pairs of characters of the hostname; and generating a first notification that indicates that the universal resource locator is associated with phishing if the hostname distance is determined to exceed a threshold hostname distance value. 12. The method of claim 11 , further comprising transmitting a second notification that indicates that the universal resource locator is associated with phishing if the encoded distance is determined to exceed the first threshold value. 13. The method of claim 11 , further comprising enabling access to the universal resource locator if the hostname distance is determined to not exceed the threshold hostname distance value. 14. The method of claim 11 , further comprising calculating a word value for a first word in the universal resource locator. 15. The method of claim 14 , further comprising determining an edit distance between the first word and a second word that is identified from a list as being similar to the first word. 16. The method of claim 15 , further comprising determining if the edit distance is below a second threshold value. 17. The method of claim 16 , further comprising triggering an event if the edit distance is below the second threshold value. 18. A computer-readable device comprising instructions, which, when loaded and executed by a processor, cause the processor to perform operations, the operations comprising: calculating an encoded distance between a first character of a hostname of a universal resource locator and a next character of the hostname of the universal resource locator, wherein the encoded distance is an integral distance between the first character and the next character in a machine encoding; determining if the encoded distance exceeds a first threshold value; adding the encoded distance to a hostname distance if the encoded distance is determined to not exceed the first threshold value, wherein the hostname distance is a sum of encoded distances between consecutive pairs of characters of the hostname; and providing a first notification that indicates that the universal resource locator is associated with phishing if the hostname distance is determined to exceed a threshold hostname distance value. 19. The computer-readable device of claim 18 , wherein the operations further comprise triggering an event if the encoded distance is determined to exceed the first threshold value. 20. The computer-readable device of claim 18 , wherein the operations further comprise enabling access to the universal resource locator if the hostname distance is determined to not exceed the threshold hostname distance value.

Assignees

At & T Ip I Lp

Inventors

Classifications

G06F16/9566
URL specific, e.g. using aliases, detecting broken or misspelled links · CPC title
H04L63/0245
Filtering by information in the payload · CPC title
G06F21/554
involving event detection and direct action · CPC title
H04L63/1441
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
H04L63/1483Primary
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title

Patent family

Related publications grouped by family.

View patent family 43301727

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9521165B2 cover?: A method for detecting potential phishing URLs includes extracting a URL from a document, analyzing the URL context, and comparing the URL to stored trusted URLs and stored known phishing URLs. The URL context includes anchor text and surrounding content associated with the URL. The method further includes generating a phishing alert based on the comparing and the analyzing.
Who is the assignee on this patent?: At & T Ip I Lp
What technology area does this patent fall under?: Primary CPC classification H04L63/1483. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Dec 13 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).