Invention Title:

Systems and methods for generating and utilizing lookalike Uniform Resource Locators (URLs)

Publication number:

US20250307332

Publication date:

Section:

Physics

Class:

G06F16/9566

Inventors:

Assignee:

Applicant:

Smart overview of the Invention

The invention focuses on enhancing network and cloud security by generating and utilizing lookalike Uniform Resource Locators (URLs). It addresses the growing sophistication of cyber threats, particularly phishing attacks that deceive users into revealing sensitive information by imitating trustworthy entities. Traditional anti-phishing solutions are often reactive, relying on blacklisting or content analysis, which may not effectively counteract evolving threats. The invention instead generates lookalike domains proactively, so that anti-phishing measures can be in place in advance.

Methodology

The system employs a genetic algorithm to create multiple lookalike domains based on an original target domain associated with an enterprise. These domains are crafted using various deception methods to closely mimic legitimate URLs. The process involves generating a first generation of lookalike domains, computing similarity scores, and selecting domains for subsequent generations until optimal similarity is achieved. This iterative process enhances the effectiveness of the generated lookalike domains in preemptive security functions.

Functionality

The generated lookalike domains serve several functions, including inline URL access filtering and reporting. Reports provided to enterprises detail each lookalike domain, the deception methods used, registration status, and associations with known phishing sites. This comprehensive reporting aids enterprises in understanding potential threats and taking necessary precautions. The system's cloud-based implementation ensures scalability and accessibility for various users.
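The generate, score and select loop from the Methodology section, with the resulting list used for the inline URL filtering described above, as an added Python sketch that is not taken from the patent. The deception methods, the glyph table, the `difflib` similarity score, the function names and the `example.com` target are all assumptions, since the page does not specify them.

```python
import random
from difflib import SequenceMatcher

# Assumed deception methods and glyph pairs; the page names none of them.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "s": "5"}
METHODS = ["homoglyph", "omission", "repetition", "transposition"]

def mutate(label, rng):
    """Apply one randomly chosen deception method; return (new_label, method)."""
    i, method = rng.randrange(len(label)), rng.choice(METHODS)
    if method == "homoglyph":
        new = label[:i] + HOMOGLYPHS.get(label[i], label[i]) + label[i + 1:]
    elif method == "omission":
        new = label[:i] + label[i + 1:]
    elif method == "repetition":
        new = label[:i] + label[i] + label[i:]
    else:  # transposition: swap characters i and i+1 (no-op at the last index)
        new = label[:i] + label[i + 1:i + 2] + label[i] + label[i + 2:]
    return new, method

def similarity(a, b):
    """Assumed fitness: difflib ratio in [0, 1]; the page does not define its score."""
    return SequenceMatcher(None, a, b).ratio()

def evolve(domain, generations=4, pop_size=12, children=4, seed=0):
    """Return {lookalike: (score, methods)} for a protected domain, best first."""
    rng = random.Random(seed)
    label, _, tld = domain.lower().partition(".")  # assumes "label.tld" input
    population = {}
    for _ in range(generations):
        pool = dict(population)  # survivors compete with their children
        for parent, methods in [(label, ())] + list(population.items()):
            for _ in range(children):
                child, method = mutate(parent, rng)
                if len(child) > 1 and child != label:
                    pool.setdefault(child, methods + (method,))
        ranked = sorted(pool, key=lambda c: (-similarity(c, label), c))
        population = {c: pool[c] for c in ranked[:pop_size]}
    return {f"{c}.{tld}": (round(similarity(c, label), 3), m)
            for c, m in population.items()}

def is_blocked(host, lookalikes):
    """Inline URL-filter check against the pre-computed lookalike list."""
    return host.lower().rstrip(".") in lookalikes

if __name__ == "__main__":
    for name, (score, methods) in evolve("example.com").items():  # constructed target
        print(f"{score:.3f}  {name:<16} {'+'.join(methods)}")
```

Each entry keeps the chain of methods that produced it, which is the per-domain detail the enterprise report is described as carrying; registration status and known-phishing associations would come from external lookups not shown here.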

Cybersecurity Integration

The invention integrates with existing cybersecurity frameworks to enhance overall protection. It supports various network configurations, including inline monitoring through servers or applications and cloud-based security services. These configurations facilitate comprehensive security measures such as URL filtering, intrusion detection, DNS filtering, and advanced threat protection. The system's adaptability allows it to function effectively across diverse network environments.

Security Features

The invention's cybersecurity capabilities extend to firewall implementation with Deep Packet Inspection (DPI), bandwidth control, and antivirus protection. It also includes sandboxing for zero-day exploit mitigation and Data Loss Prevention (DLP) for continuous monitoring of encrypted traffic. By leveraging these features, the system provides robust protection against phishing attacks and other cyber threats, ensuring secure network operations for enterprises.