Detecting malicious web pages by analyzing elements of hypertext markup language (HTML) files
Systems and methods are described for detecting compromised web pages and domains by analyzing of elements of hypertext markup language (HTML) files of a domain. In one embodiment, a security service receives a request including a potentially malicious uniform resource locator (URL) and retrieves a...
Saved in:
| Format | Patent |
|---|---|
| Language | English |
| Published |
10.05.2022
|
| Online Access | Get full text |
Cover
| Summary: | Systems and methods are described for detecting compromised web pages and domains by analyzing of elements of hypertext markup language (HTML) files of a domain. In one embodiment, a security service receives a request including a potentially malicious uniform resource locator (URL) and retrieves a first HTML file to which the potentially malicious URL points and a second HTML file to which a host URL corresponding to the potentially malicious URL points. The security service determines whether the potentially malicious URL is a malicious URL by comparing features of the first HTML file to corresponding features of the second HTML file and when a similarity value resulting from the comparing is less than a threshold, then the security service concludes that the first HTML file was created by a malicious actor and responds to the request with an indication that the potentially malicious URL is a malicious URL. |
|---|