公开(公告)号：US20050022031A1

公开(公告)日：2005-01-27

申请号：US10856978

申请日：2004-05-28

申请人： Joshua Goodman ,  Robert Rounthwaite ,  Geoffrey Hulten ,  John Deurbrouck ,  Manav Mishra ,  Anthony Penta

发明人： Joshua Goodman ,  Robert Rounthwaite ,  Geoffrey Hulten ,  John Deurbrouck ,  Manav Mishra ,  Anthony Penta

IPC分类号： G06F13/00 ,  G06F12/00 ,  G06F17/00 ,  G06Q10/10 ,  G06Q99/00 ,  H04L12/58 ,  H04L29/06 ,  H04L9/00 ,  G06F12/14 ,  H04L9/32

CPC分类号： H04L51/12 ,  G06Q10/107

摘要： Disclosed are systems and methods that facilitate spam detection and prevention at least in part by building or training filters using advanced IP address and/or URL features in connection with machine learning techniques. A variety of advanced IP address related features can be generated from performing a reverse IP lookup. Similarly, many different advanced URL based features can be created from analyzing at least a portion of any one URL detected in a message.

摘要翻译： 公开了至少部分地通过使用与机器学习技术相关联的高级IP地址和/或URL特征来构建或训练过滤器来促进垃圾邮件检测和预防的系统和方法。 可以通过执行反向IP查找来生成各种高级IP地址相关功能。 类似地，可以通过分析消息中检测到的任何一个URL的至少一部分来创建许多不同的基于高级URL的特征。

公开(公告)号：US20070039038A1

公开(公告)日：2007-02-15

申请号：US11537641

申请日：2006-09-30

申请人： Joshua Goodman ,  Paul Rehfuss ,  Robert Rounthwaite ,  Manav Mishra ,  Geoffrey Hulten ,  Kenneth Richards ,  Aaron Averbuch ,  Anthony Penta ,  Roderic Deyo

发明人： Joshua Goodman ,  Paul Rehfuss ,  Robert Rounthwaite ,  Manav Mishra ,  Geoffrey Hulten ,  Kenneth Richards ,  Aaron Averbuch ,  Anthony Penta ,  Roderic Deyo

IPC分类号： H04L9/32 ,  G06K9/00

CPC分类号： H04L63/1408 ,  H04L63/1441 ,  H04L63/1483

摘要： Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

摘要翻译： 描述网络钓鱼检测，预防和通知。 在一个实施例中，消息收发应用促进通过消息收发用户界面的通信，并从域接收诸如电子邮件消息之类的通信。 钓鱼检测模块通过确定域与已知的网络钓鱼域相似，或通过检测域的可疑网络属性来检测通信中的网络钓鱼攻击。 在另一个实施例中，Web浏览应用程序从基于网络的资源（诸如网站或域）接收诸如网页的数据的内容。 Web浏览应用程序启动内容的显示，并且网络钓鱼检测模块通过确定基于网络的资源的域类似于已知的网络钓鱼域来检测内容中的网络钓鱼攻击，或者网络 - 收到内容的基于资源的资源具有可疑的网络属性。

公开(公告)号：US20070192855A1

公开(公告)日：2007-08-16

申请号：US11335902

申请日：2006-01-18

申请人： Geoffrey Hulten ,  Paul Rehfuss ,  Robert Rounthwaite ,  Joshua Goodman ,  Gopalakrishnan Seshadrinathan ,  Anthony Penta ,  Manav Mishra ,  Roderic Deyo ,  Elliott Haber ,  David Snelling

发明人： Geoffrey Hulten ,  Paul Rehfuss ,  Robert Rounthwaite ,  Joshua Goodman ,  Gopalakrishnan Seshadrinathan ,  Anthony Penta ,  Manav Mishra ,  Roderic Deyo ,  Elliott Haber ,  David Snelling

IPC分类号： G06F12/14

CPC分类号： H04L63/1483 ,  G06F17/30887 ,  H04L63/08 ,  H04L63/1441

摘要： Described is a technology by which phishing-related data sources are processed into aggregated data and a given site evaluated the aggregated data using a predictive model to automatically determine whether the given site is likely to be a phishing site. The predictive model may be built using machine learning based on training data, e.g., including known phishing sites and/or known non-phishing sites. To determine whether an object corresponding to a site is likely a phishing-related object are described, various criteria are evaluated, including one or more features of the object when evaluated. The determination is output in some way, e.g., made available to a reputation service, used to block access to a site or warn a user before allowing access, and/or used to assist a hand grader in being more efficient in evaluating sites.

摘要翻译： 描述了一种将钓鱼相关数据源处理为聚合数据的技术，给定的站点使用预测模型评估聚合数据，以自动确定给定站点是否可能是钓鱼站点。 可以使用基于训练数据的机器学习来构建预测模型，例如包括已知的网络钓鱼站点和/或已知的非网络钓鱼站点。 为了确定对应于站点的对象是否可能是与钓鱼相关的对象，评估了各种标准，包括评估时对象的一个​​或多个特征。 该确定以某种方式输出，例如可用于信誉服务，用于阻止对站点的访问或在允许访问之前警告用户，和/或用于帮助平手机更有效地评估站点。

公开(公告)号：US20060123478A1

公开(公告)日：2006-06-08

申请号：US11129665

申请日：2005-05-13

申请人： Paul Rehfuss ,  Joshua Goodman ,  Robert Rounthwaite ,  Manav Mishra ,  Geoffrey Hulten ,  Kenneth Richards ,  Aaron Averbuch ,  Anthony Penta ,  Roderic Deyo

发明人： Paul Rehfuss ,  Joshua Goodman ,  Robert Rounthwaite ,  Manav Mishra ,  Geoffrey Hulten ,  Kenneth Richards ,  Aaron Averbuch ,  Anthony Penta ,  Roderic Deyo

IPC分类号： G06F12/14

CPC分类号： H04L63/1408 ,  H04L67/02

摘要： Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

公开(公告)号：US20060123464A1

公开(公告)日：2006-06-08

申请号：US11129222

申请日：2005-05-13

申请人： Joshua Goodman ,  Paul Rehfuss ,  Robert Rounthwaite ,  Manav Mishra ,  Geoffrey Hulten ,  Kenneth Richards ,  Aaron Averbuch ,  Anthony Penta ,  Roderic Deyo

发明人： Joshua Goodman ,  Paul Rehfuss ,  Robert Rounthwaite ,  Manav Mishra ,  Geoffrey Hulten ,  Kenneth Richards ,  Aaron Averbuch ,  Anthony Penta ,  Roderic Deyo

IPC分类号： H04L9/32

CPC分类号： H04L63/1416 ,  H04L51/12 ,  H04L63/1466 ,  H04L63/1483

摘要： Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

公开(公告)号：US20070033639A1

公开(公告)日：2007-02-08

申请号：US11537640

申请日：2006-09-30

申请人： Joshua Goodman ,  Paul Rehfuss ,  Robert Rounthwaite ,  Manav Mishra ,  Geoffrey Hulten ,  Kenneth Richards ,  Aaron Averbuch ,  Anthony Penta ,  Roderict Deyo

发明人： Joshua Goodman ,  Paul Rehfuss ,  Robert Rounthwaite ,  Manav Mishra ,  Geoffrey Hulten ,  Kenneth Richards ,  Aaron Averbuch ,  Anthony Penta ,  Roderict Deyo

IPC分类号： H04L9/32 ,  G06K9/00

CPC分类号： H04L63/1416 ,  H04L51/12 ,  H04L63/1466 ,  H04L63/1483

摘要： Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

公开(公告)号：US20130091566A1

公开(公告)日：2013-04-11

申请号：US13269632

申请日：2011-10-10

申请人： Anthony Penta ,  Robert Sim

发明人： Anthony Penta ,  Robert Sim

IPC分类号： G06F21/20

CPC分类号： G06F21/645

摘要： In one embodiment, an intelligent detection system 102 may determine if a network target 108 is an adversarial site based on comparing responses to different network sources. The intelligent detection system 102 may select a test apparent network source 110 and a control apparent network source 112 from a network source pool 106. The intelligent detection system 102 may receive the test response responding to a test request from the test apparent network source 110 to a network target 108. The intelligent detection system 102 may receive the control response responding to a control request from the control apparent network source 112 to the network target 108. The intelligent detection system 102 may execute a comparison of the test response to the control response.

摘要翻译： 在一个实施例中，智能检测系统102可以基于对不同网络源的响应进行比较来确定网络目标108是否是对抗性站点。 智能检测系统102可以从网络源池106中选择测试视网络源110和控制视网络源112.智能检测系统102可以将来自测试视网络源110的测试请求响应的测试响应接收到 智能检测系统102可以响应于来自控制视网络源112到网络目标108的控制请求而接收控制响应。智能检测系统102可以执行测试响应与控制响应的比较 。

公开(公告)号：US08745736B2

公开(公告)日：2014-06-03

申请号：US13269632

申请日：2011-10-10

申请人： Anthony Penta ,  Robert Sim

发明人： Anthony Penta ,  Robert Sim

IPC分类号： G06F11/00

CPC分类号： G06F21/645

摘要： In one embodiment, an intelligent detection system 102 may determine if a network target 108 is an adversarial site based on comparing responses to different network sources. The intelligent detection system 102 may select a test apparent network source 110 and a control apparent network source 112 from a network source pool 106. The intelligent detection system 102 may receive the test response responding to a test request from the test apparent network source 110 to a network target 108. The intelligent detection system 102 may receive the control response responding to a control request from the control apparent network source 112 to the network target 108. The intelligent detection system 102 may execute a comparison of the test response to the control response.

摘要翻译： 在一个实施例中，智能检测系统102可以基于对不同网络源的响应进行比较来确定网络目标108是否是对抗性站点。 智能检测系统102可以从网络源池106中选择测试视网络源110和控制视网络源112.智能检测系统102可以将来自测试视网络源110的测试请求响应的测试响应接收到 智能检测系统102可以响应于来自控制视网络源112到网络目标108的控制请求而接收控制响应。智能检测系统102可以执行测试响应与控制响应的比较 。