METHODS AND SYSTEMS FOR PHISHING DETECTION

摘要

A method of determining a probability that a received email comprises a phishing attempt may comprise analyzing a link therein to determine whether the link comprises a phishing attempt. This determination may comprise comparing features of the link with records stored in a remote database to determine whether the link comprises a phishing attempt. It may be determined that the link comprises a phishing attempt if there is a match. If the compared features do not match the records stored in the remote database, a multi-dimensional input vector may be built from features of the link, which input vector may then be input into a phishing probability engine. The probability that the link comprises a phishing attempt may be computed by the phishing probability engine. Thereafter, the received email may be acted upon according to the computed probability that the link comprises a phishing attempt.

主权项

1. A method of determining a probability that a received email comprises a phishing attempt, comprising:
receiving an email, analyzing a link within the email to determine whether the link comprises a phishing attempt by:
comparing at least some features of the link with records stored in a remote database to determine whether the link comprises a phishing attempt and determining that the link comprises a phishing attempt if the compared features match the records stored in the remote database;building a multi-dimensional input vector from at least features of the link if the compared features do not match the records stored in the remote database;inputting the built multi-dimensional input vector into a phishing probability engine;computing, in the phishing probability engine, a probability that the link comprises a phishing attempt; andacting upon the received email depending upon the computed probability that the link comprises a phishing attempt.