Systems and methods for detecting an attack on an auto-generated website by a virtual machine
Abstract
A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer. The instructions are also configured to: determine a first feature based on the URLs of the auto-generated websites and the IP address-URL entries; collect header data of packets transmitted to or received from the virtual or physical machine; determine a second feature based on the first feature and the header data; based on the second feature, generate a value indicative of whether the first virtual or physical machine has attacked the one or more auto-generated websites; and perform a countermeasure based on the value.
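The data flow described in the abstract, as an added Python example that is not taken from the patent. The first feature follows the claim wording (per IP address: URL count and whether it hosts an auto-generated site); the join used for the second feature, the score, the threshold, the function names and all sample data are assumptions, since the claim does not specify them.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample inputs (documentation IP ranges, example domains).
AUTOGEN_URLS = ["http://blog1.example.net/", "http://shop7.example.net/cart",
                "http://wiki3.example.org/"]
# DNS-derived (IP address, hostname) entries; hostnames stand in for URLs.
DNS_ENTRIES = [("192.0.2.10", "blog1.example.net"),
               ("192.0.2.10", "shop7.example.net"),
               ("192.0.2.10", "static.example.net"),
               ("192.0.2.20", "wiki3.example.org"),
               ("203.0.113.5", "mail.example.com")]
# Packet header tuples: (source IP, destination IP, destination port).
HEADERS = [("198.51.100.7", "192.0.2.10", 80), ("198.51.100.7", "192.0.2.10", 80),
           ("198.51.100.7", "192.0.2.20", 80), ("198.51.100.7", "203.0.113.5", 25),
           ("198.51.100.9", "203.0.113.5", 25)]

def first_feature(autogen_urls, dns_entries):
    """Per IP: (number of URLs resolving to it, hosts an auto-generated site?)."""
    autogen_hosts = {urlsplit(u).hostname for u in autogen_urls}
    url_count = Counter(ip for ip, _ in dns_entries)
    hosting = {ip for ip, host in dns_entries if host in autogen_hosts}
    return {ip: (n, ip in hosting) for ip, n in url_count.items()}

def second_feature(first, headers, machine_ip):
    """Assumed join: this machine's outbound packets, split by destination class."""
    sent = [dst for src, dst, _ in headers if src == machine_ip]
    to_autogen = [dst for dst in sent if first.get(dst, (0, False))[1]]
    return {"packets": len(sent), "autogen_packets": len(to_autogen),
            "autogen_ips": len(set(to_autogen))}

def attack_value(feature):
    """Assumed score: share of the machine's packets sent to auto-generated hosts."""
    return feature["autogen_packets"] / feature["packets"] if feature["packets"] else 0.0

def countermeasure(value, threshold=0.5):
    """Assumed action: raise an alert above a hypothetical threshold."""
    return "alert" if value > threshold else "none"

if __name__ == "__main__":
    first = first_feature(AUTOGEN_URLS, DNS_ENTRIES)
    for machine in ("198.51.100.7", "198.51.100.9"):
        value = attack_value(second_feature(first, HEADERS, machine))
        print(machine, value, countermeasure(value))
```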
14 Claims
1. A system for detecting an attack by a first virtual or physical machine on one or more auto-generated websites, the system comprising:
- a processor;
- a memory; and
- an application stored in the memory and including instructions, which are executable by the processor and that are configured to
  - access an index of a search engine server computer and determine uniform resource locators (URLs) of a plurality of auto-generated websites, wherein the plurality of auto-generated websites include the one or more auto-generated websites;
  - access a plurality of Internet protocol (IP) address-URL entries stored in a domain name system server computer;
  - determine a first feature based on the URLs of the plurality of auto-generated websites and the IP address-URL entries, wherein the application, in determining the first feature, (i) determines which IP addresses in the IP address-URL entries are associated with hosting one of the plurality of auto-generated websites, and (ii) for each IP address in the IP address-URL entries, counts a number of corresponding URLs;
  - collect header data of packets transmitted to or received from the first virtual or physical machine;
  - determine a second feature based on the first feature and the header data;
  - based on the second feature, generate a value indicative of whether the first virtual or physical machine has attacked the one or more auto-generated websites; and
  - perform a countermeasure based on the value.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A tangible computer readable device storing instructions executable by a processor for detecting an attack by a first virtual or physical machine on one or more auto-generated websites, the instructions comprising:
- determining uniform resource locators (URLs) of a plurality of auto-generated websites based on an index of a search engine server computer, wherein the plurality of auto-generated websites include the one or more auto-generated websites;
- accessing a plurality of Internet protocol (IP) address-URL entries in a domain name system server computer;
- determining a first feature based on the URLs of the plurality of auto-generated websites and the IP address-URL entries, wherein determining the first feature includes (i) determining which IP addresses in the IP address-URL entries are associated with hosting one of the plurality of auto-generated websites, and (ii) for each IP address in the IP address-URL entries, counting a number of corresponding URLs;
- collecting header data of packets transmitted to or received from the first virtual or physical machine;
- determining a second feature based on the first feature and the header data;
- based on the second feature, generating a value indicative of whether the first virtual or physical machine has attacked the one or more auto-generated websites; and
- performing a countermeasure based on the value.

Dependent claims: 9, 10, 11, 12, 13, 14
Specification