	US 12,074,907 B2
	Systems and methods of detecting anomalous websites
Ania Kacewicz, Baltimore, MD (US); and Christopher S. Stinson, Odenton, MD (US)
Assigned to IronNet Cybersecurity, Inc., McLean, VA (US)
Filed by IronNet Cybersecurity, Inc., McLean, VA (US)
Filed on Jun. 14, 2023, as Appl. No. 18/209,645.
Application 18/209,645 is a continuation of application No. 16/909,435, filed on Jun. 23, 2020, granted, now 11,716,350.
Prior Publication US 2023/0328101 A1, Oct. 12, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/951 (2019.01); G06F 40/143 (2020.01); G06F 40/221 (2020.01); G06N 3/088 (2023.01); G06T 9/00 (2006.01); G06T 15/00 (2011.01); G06V 10/56 (2022.01)

CPC H04L 63/1483 (2013.01) [G06F 16/951 (2019.01); G06F 40/143 (2020.01); G06F 40/221 (2020.01); G06N 3/088 (2013.01); G06T 9/00 (2013.01); G06T 15/00 (2013.01); G06V 10/56 (2022.01); H04L 63/14 (2013.01); H04L 63/1425 (2013.01); G06T 2207/20081 (2013.01)]

19 Claims

1. A method for detecting anomalous websites, the method comprising the steps of:

parsing code of website into a plurality of data elements, each data element having a plurality of characteristics;

mapping, for the website, each of the plurality of data elements to a color corresponding to a location in a 3D color cube, wherein the location is based on that data element's characteristics, and assigning the mapped color to the data element;

generating an image corresponding to the website by generating an image comprised of pixels, wherein each data element of the website is represented by a pixel at an x-y coordinate of the image representing a location of that data element within the code of the website, wherein the pixel has the color previously assigned to that data element;

compressing the image into a compressed image;

comparing the compressed website to a normalcy model; and

based on the comparison, determining whether the website is anomalous relative to a threshold of normalcy.