Automatic detection of search results poisoning attacks

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Fang Yu · Beijing, CN
• Yinglian Xie · Cupertino, US
• Martin Abadi · Palo Alto, US
• John Payyappillil John · Seattle, US
• Arvind Krishnamurthy · Hamden, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/168
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Search result poisoning attacks may be automatically detected by identifying groups of suspicious uniform resource locators (URLs) containing multiple keywords and exhibiting patterns that deviate from other URLs in the same domain without crawling and evaluating the actual contents of each web page. Suspicious websites are identified and lexical features are extracted for each such website. The websites are clustered based on their lexical features, and group analysis is performed on each group to identify at least one suspicious group. Other implementations are directed to detecting a search engine optimization (SEO) attack by processing a large population of URLs to identify suspicious URLs based on the presence of a subset of keywords in each URL and the relative newness of each URL.