| 主权项 |
1. A method for identifying a phishing website comprising:
a. providing a computer system having an operating system, a database system and a communication system for controlling communications through the Internet, b. transmitting a communication containing a plurality of suspected phishing urls to the computer system, c. retrieving website content files for each suspected phishing url of the plurality of phishing urls, the website content files including structural components, d. preprocessing the website content files thereby producing normalized website content file sets for each of the plurality of suspected phishing urls, e. creating an abstract syntax tree for each of the normalized website content file sets, f. calculating a hash value for each structural component of each of the normalized website content file sets and constructing a hash value set there from for each normalized website content file set, g. selecting a first hash value from a first hash value set and comparing the first hash value to hash values of structural components of known phishing websites to locate a matching hash value, h. if a matching hash value is located, comparing the first hash value set to a hash value set of the matching hash value and creating a similarity score, and i. if the similarity score meets or exceeds a predetermined threshold, designating a suspected url from which the first hash value was derived as a phishing website. |
