-
Publication No.: US11233820B2
Publication date: 2022-01-25
Application No.: US16566537
Filing date: 2019-09-10
Applicant: PAYPAL, INC.
Inventors: Raoul Johnson, Penghui Zhang, Adam Oest, Bradley Wardman
Abstract: Methods and systems are presented for detecting malicious webpages based on dynamically configuring a device to circumvent one or more evasion techniques implemented within the malicious webpages. When a known malicious webpage is obtained, programming code of the known malicious webpage is analyzed to determine one or more evasion techniques implemented within the known malicious webpage. The one or more evasion techniques may cause a webpage classification engine to falsely classify the known malicious webpage as a non-malicious webpage. A software update is generated based on one or more feature parameters extracted from the one or more evasion techniques. The software update is used to modify the webpage classification engine such that the webpage classification engine would correctly classify the known malicious webpage.
-
Publication No.: US20220131877A1
Publication date: 2022-04-28
Application No.: US17079190
Filing date: 2020-10-23
Applicant: PayPal, Inc.
Inventors: Adam Oest, Penghui Zhang, Raoul Johnson
Abstract: Techniques are disclosed relating to methods that include a process, executing on a computer system, receiving a request to access a website, and altering the request to include one or more characteristics of anti-malware scanners. The method further includes the process sending the altered request to the website, and receiving a response to the altered request. The method also includes the process detecting whether the received response utilizes one of a known set of anti-malware cloaking techniques, and providing, based on the detecting, an output indicative of an outcome of the altered request.
-
Publication No.: US20210075826A1
Publication date: 2021-03-11
Application No.: US16566537
Filing date: 2019-09-10
Applicant: PAYPAL, INC.
Inventors: Raoul Johnson, Penghui Zhang, Adam Oest, Bradley Wardman
IPC classification: H04L29/06
Abstract: Methods and systems are presented for detecting malicious webpages based on dynamically configuring a device to circumvent one or more evasion techniques implemented within the malicious webpages. When a known malicious webpage is obtained, programming code of the known malicious webpage is analyzed to determine one or more evasion techniques implemented within the known malicious webpage. The one or more evasion techniques may cause a webpage classification engine to falsely classify the known malicious webpage as a non-malicious webpage. A software update is generated based on one or more feature parameters extracted from the one or more evasion techniques. The software update is used to modify the webpage classification engine such that the webpage classification engine would correctly classify the known malicious webpage.