Malicious uniform resource locator detection

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Feng Xue · Redwood City, US
• Bin Zhu · Windom, US
• Weibo Chu · Xi'an, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1483
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The techniques described herein use training data to train classification models to detect malicious Uniform Resource Locators (URLs) that target authentic resources (e.g., Web page, Web site, or other network locations accessed via a URL). The techniques train the classification models using one or more machine learning algorithms. The training data may include known benign URLs and known malicious URLs (e.g., training URLs) that are associated with a target authentic resource. The techniques then use the trained classification models to determine whether an unknown URL is a malicious URL. The malicious URL determination may be based on one or more lexical features (e.g., brand name edit distances for a domain and path of the URL) and/or site/page features (e.g., a domain age and a domain confidence level) extracted.