Honey Monkey Network Exploration
First Claim
Patent Images
1. A system comprising:
- a browser that is capable of visiting network locations as represented by uniform resource locators (URLs); and
a browser-based vulnerability exploit detector that directs the browser to visit a given URL by making an information request to the given URL;
the browser-based vulnerability exploit detector adapted to detect if the given URL accomplishes an exploit on the system after the browser makes the information request to the given URL.
2 Assignments
0 Petitions
Accused Products
Abstract
A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine. Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.
-
Citations
20 Claims
-
1. A system comprising:
-
a browser that is capable of visiting network locations as represented by uniform resource locators (URLs); and
a browser-based vulnerability exploit detector that directs the browser to visit a given URL by making an information request to the given URL;
the browser-based vulnerability exploit detector adapted to detect if the given URL accomplishes an exploit on the system after the browser makes the information request to the given URL. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. One or more processor-accessible media comprising processor-executable instructions that, when executed, direct a device to perform actions comprising:
-
visiting a uniform resource locator (URL) of a parent list of redirection URLs;
producing a child list of redirection URLs from the action of visiting;
recursively visiting child URLs of the child list of redirection URLs to discover redirection relationships of the URLs that are visited; and
creating a graph that includes the URLs that are visited and that indicates the discovered redirection relationships. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A method comprising:
-
requesting information from a targeted network location as represented by a uniform resource locator (URL);
receiving a response from the targeted URL;
tracing events that occur on a machine;
ascertaining if an illicit event occurred based on the traced events; and
determining that an exploit has been accomplished by the targeted URL if an illicit event is ascertained to have occurred. - View Dependent Claims (17, 18, 19, 20)
-
Specification