US 12,323,463 B1
Method and apparatus for detecting URL related to phishing site using artificial intelligence and generative AI algorithm
Jihun Kim, Uiwang-si (KR); and Sunho Park, Incheon (KR)
Assigned to NURILAB CO., LTD., Seoul (KR)
Appl. No. 18/843,974
Filed by NURILAB CO., LTD., Seoul (KR)
PCT Filed Sep. 26, 2023, PCT No. PCT/KR2023/014795
§ 371(c)(1), (2) Date Sep. 4, 2024,
PCT Pub. No. WO2025/023368, PCT Pub. Date Jan. 30, 2025.
Claims priority of application No. 10-2023-0095850 (KR), filed on Jul. 24, 2023.
Int. Cl. H04L 9/40 (2022.01); G06V 30/19 (2022.01)
CPC H04L 63/1483 (2013.01) [G06V 30/19093 (2022.01)] 10 Claims
OG exemplary drawing
 
1. A method of detecting a uniform resource locator (URL) related to a phishing site, the method performed by an apparatus and comprising:
acquiring a target URL related to a first URL included in a text message by performing a preprocessing operation on the first URL;
confirming whether the target URL is included in at least one among a first database (DB) in which information on a plurality of phishing sites is stored and a second DB in which information on a plurality of non-phishing sites is stored;
accessing the target URL and capturing a first web page screen corresponding to the target URL, based on the confirmation that the target URL is not included in at least one among the first DB and the second DB; and
storing information related to the target URL in a result DB, wherein the storing the information related to the target URL comprises when the target URL is identified as being related to a phishing site based on a plurality of types of data acquired through the first web page screen, storing the information related to the target URL in the result DB, and when the target URL is not identified as being related to the phishing site based on the plurality of types of data, acquiring the information related to the target URL by inputting the plurality of types of data into a first artificial intelligence model, and storing the information related to the target URL in the result DB,
wherein the storing the information related to the target URL in the result DB further comprises:
generating a first block based on a first hash value corresponding to the information related to the target URL;
acquiring, based on a change in a website screen corresponding to the target URL from a first website screen to a second website screen, information indicating a difference between the first website screen and the second website screen;
generating a second block based on a second hash value corresponding to the acquired information indicating the difference; and
connecting the second block to the first block and storing the first and second blocks related to the target URL in the result DB constructed on a basis of blockchain,
wherein based on the text message being input from an application that executes the method of detecting the URL related to the phishing site related to the application, the information related to the target URL is transmitted through a control user interface (UI) of the apparatus, and
wherein based on the target URL being related to the phishing site, access of the target URL is blocked.