Techniques for identifying and managing potentially harmful web traffic

US 20070186282A1
Filed: 02/06/2006
Published: 08/09/2007
Est. Priority Date: 02/06/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of identifying a potentially harmful request comprising:

assigning a threat rating to a received request in accordance with one or more attribute values of said received request; and

determining an action in accordance with said threat rating.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for identifying a potentially harmful request. A threat rating is assigned to a received request in accordance with one or more attribute values of the received request. An action is determined in accordance with the threat rating.

Citations

20 Claims

1. A method of identifying a potentially harmful request comprising:
- assigning a threat rating to a received request in accordance with one or more attribute values of said received request; and
  
  determining an action in accordance with said threat rating.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising:
    - performing said action.
  - 3. The method of claim 1, wherein said action indicates whether processing associated with servicing said received request is performed.
  - 4. The method of claim 1, wherein said threat rating is an overall threat rating for said received request, and the method further comprising:
    - determining an individual threat rating for each of said one or more attribute values.
  - 5. The method of claim 1, wherein said threat rating is an overall threat rating for said received request, said assigning is performed using a plurality of attributes of said received request, and the method further comprising:
    - determining an individual threat rating for a plurality of said attribute values occurring within a same request.
  - 6. The method of claim 4, further comprising:
    - adding each of said individual threat ratings to determine said overall threat rating.
  - 7. The method of claim 1, wherein said threat rating is determined using at least one derived attribute value generated using one or more attribute values included in said received request.
  - 8. The method of claim 1, further comprising:
    - receiving one or more threat profiles, each of said one or more threat profiles identifying threat levels for specific attribute values.
  - 9. The method of claim 8, wherein said assigning step determines a threat rating for one or more attribute values included in said received request using appropriate ones of said threat profiles.
  - 10. The method of claim 1, wherein said determining step uses a threat matrix identifying one or more actions to take in accordance with associate threat ratings.
  - 11. The method of claim 10, wherein said threat matrix includes a plurality of ranges of threat ratings, each of said ranges being associated with an action.
  - 12. The method of claim 1, wherein said assigning and said determining are performed by a request analyzer associated with a firewall component on a system receiving the received request.
  - 13. The method of claim 8, wherein one or more of said threat profiles include information which is dynamically determined in accordance with a trending of received requests over period of time.
  - 14. The method of claim 13, wherein said trending is performed in accordance with predetermined criteria including at least one of:
    - a size associated with incoming requests received over a time period, and a predetermined amount of time from when said trending was last performed.
  - 15. The method of claim 8, wherein a first threat rating is associated with a first threshold for one of said attribute values and a second threat rating is associated with a second threshold for said one of said attribute values.

16. A method of identifying a potentially harmful request comprising:
- receiving one or more threat profiles identifying threat ratings for associated attribute values included in incoming request;
  
  tagging an incoming request with a request threat rating in accordance with one or more attribute values of said incoming request; and
  
  determining an action in accordance with said request threat rating.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, further comprising:
    - determining said request threat rating by adding a plurality of said threat ratings for attributes values associated with said incoming request.
  - 18. The method of claim 16, wherein a portion of information included in said threat profiles is dynamically determined in accordance with a trending of received requests over period of time.

19. A computer readable medium having computer executable instructions stored thereon for performing steps comprising:
- receiving one or more threat profiles identifying threat ratings for associated attribute values included in incoming request;
  
  tagging an incoming request with a request threat rating in accordance with one or more attribute values of said incoming request;
  
  determining an action in accordance with said request threat rating; and
  
  performing said action.
- View Dependent Claims (20)
- - 20. The computer readable medium of claim 19, further comprising executable instructions stored thereon for performing steps comprising:
    - dynamically determining at least a portion of information included in said threat profiles in accordance with a trending of received requests over period of time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Jenkins, James

Application Number

US11/347,966
Publication Number

US 20070186282A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

Techniques for identifying and managing potentially harmful web traffic

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for identifying and managing potentially harmful web traffic

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links