Honey monkey network exploration

US9596255B2 · US · B2

Patent metadata
Publication number: US-9596255-B2
Application number: US-201414332626-A
Country: US
Kind code: B2
Filing date: Jul 16, 2014
Priority date: Mar 1, 2006
Publication date: Mar 14, 2017
Grant date: Mar 14, 2017

Abstract

A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine. Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: determining redirection relationships between a particular website of a plurality of websites and other websites of the plurality of websites; determining a rank of the particular website of the plurality of websites based at least on the redirection relationships between the particular website and the other websites of the plurality of websites; reporting the rank of the particular website; and causing display of a visual representation, the visual representation including a plurality of visual indicators, each of the plurality of visual indicators visually indicating a corresponding rank of a respective website of the plurality of websites, and the visual representation including a particular visual indicator indicating the rank of the particular website.

2. The method of claim 1, further comprising determining a number of the other websites with incoming redirection links that redirect traffic to the particular website, and wherein the rank is based at least on the number.

3. The method of claim 1, further comprising determining a number of outgoing redirection links in the particular website that redirect traffic to the other websites, and wherein the rank is based at least on the number.

4. The method of claim 1, further comprising determining a number of two-way redirection relationships between the particular website and the other websites of the plurality of websites, wherein a two-way relationship between the particular website and one of the other websites is based at least on: an incoming redirection link in the one of the other websites that redirects traffic to the particular website, and an outgoing redirection link in the particular website that redirects traffic to the one of the other websites; and wherein the rank is based at least on the number.

5. The method of claim 1, further comprising determining a number of redirection relationships based at least on: a first number of the other websites with incoming redirection links that redirect traffic to the particular website; a second number of outgoing redirection links in the particular website that redirect traffic to the other websites; and a third number of two-way redirection relationships between the particular website and the other websites of the plurality of websites, wherein a two-way relationship between the particular website and one of the other websites is based at least on: an incoming redirection link in the one of the other websites that redirects traffic to the particular website, and an outgoing redirection link in the particular website that redirects traffic to the one of the other websites; and wherein the rank is based at least on the first number, the second number, and the third number.

6. The method of claim 1, wherein the particular visual indicator includes a bar graph that indicates a number of the other websites that have a traffic redirection relationship with the particular website.

7. The method of claim 1, further comprising blocking access to the particular website based at least on the rank.

8. The method of claim 1, further comprising determining the rank of the particular website based at least on a number of one or more exploit links hosted by the particular website, wherein the one or more exploit links redirect traffic to one or more exploit sites.

9. A computing system, comprising: one or more processors; memory; and processor-executable instructions stored on the memory and executable by the one or more processors to cause the computing system to: determine redirection relationships between a particular website of a plurality of websites and other websites of the plurality of websites; determine a rank of the particular website of the plurality of websites based at least on the redirection relationships between the particular website and the other websites of the plurality of websites; and report the rank of the particular website.

10. The computing system of claim 9, wherein the processor-executable instructions are further executable by the one or more processors to cause the computing system to: determine a number of redirection relationships based at least on a number of the other websites with incoming redirection links that redirect traffic to the particular website; and determine the rank based at least on the number.

11. The computing system of claim 9, wherein the processor-executable instructions are further executable by the one or more processors to: determine a number of outgoing redirection links in the particular website that redirect traffic to the other websites; and determine the rank based at least on the number.

12. The computing system of claim 9, wherein the processor-executable instructions are further executable by the one or more processors to cause the computing system to: determine a number of two-way redirection relationships between the particular website and the other websites of the plurality of websites, wherein a two-way relationship between the particular website and one of the other websites is based at least on: an incoming redirection link in the one of the other websites that redirects traffic to the particular website, and an outgoing redirection link in the particular website that redirects traffic to the one of the other websites; and determine the rank based at least on the number.

13. The computing system of claim 9, wherein the processor-executable instructions are further executable by the one or more processors to cause the computing system to: determine a number of redirection relationships based at least on: a first number of the other websites with incoming redirection links that redirect traffic to the particular website; a second number of outgoing redirection links in the particular website that redirect traffic to the other websites; and a third number of two-way redirection relationships between the particular website and the other websites of the plurality of websites, wherein a two-way relationship between the particular website and one of the other websites is based at least on: an incoming redirection link in the one of the other websites that redirects traffic to the particular website, and an outgoing redirection link in the particular website that redirects traffic to the one of the other websites; and determine the rank based at least on the first number, the second number, and the third number.

14. The computing system of claim 9, wherein the processor-executable instructions are further executable by the one or more processors to cause the computing system to determine the rank of the particular website based at least on a number of one or more exploit links hosted by the particular website, wherein the one or more exploit links redirect traffic to one or more exploit sites.

15. A computing device comprising: one or more hardware processors; one or more memory devices storing instructions, the instructions executable by the one or more hardware processors to cause the computing device to: determine redirection relationships between a particular website of a plurality of websites and other websites of the plurality of websites; determine a rank of the particular website of the plurality of websites based at least on the redirection relationships between the particular website and the other websites of the plurality of websites; report the rank of the particular website; and determine resource allocation for monitoring of the particular website based at least in part on the rank of the particular website.

16. Th

Classifications

  • Electricity · mapped topic

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title

  • Vulnerability analysis · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 14, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).