Honey Monkey Network Exploration
First Claim
1. One or more processor-accessible storage media comprising processor-executable instructions that, when executed, direct a device to perform actions comprising:
- visiting a uniform resource locator (URL) of a parent list of redirection URLs;
producing a child list of redirection URLs based on visiting the URL of the parent list of redirection URLs, the child list of redirection URLs including a plurality of child URLs;
recursively visiting the child URLs of the child list of redirection URLs to discover redirection relationships between the child URLs that are visited; and
creating a graph that includes the child URLs that are visited and that indicates the redirection relationships between the child URLs.
3 Assignments
0 Petitions
Accused Products
Abstract
A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.
43 Citations
20 Claims
-
1. One or more processor-accessible storage media comprising processor-executable instructions that, when executed, direct a device to perform actions comprising:
-
visiting a uniform resource locator (URL) of a parent list of redirection URLs; producing a child list of redirection URLs based on visiting the URL of the parent list of redirection URLs, the child list of redirection URLs including a plurality of child URLs; recursively visiting the child URLs of the child list of redirection URLs to discover redirection relationships between the child URLs that are visited; and creating a graph that includes the child URLs that are visited and that indicates the redirection relationships between the child URLs. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus comprising:
-
a processor; and one or more processor-accessible storage media storing; a trace file; a browser; and a strider tracer module including instructions executable by the processor to; determine a given uniform resource locator (URL) visited by the browser; trace visits to a number of redirection URLs in response to the browser visiting the given URL; log the visit to the given URL and the visits to the redirection URLs in the trace file; and generate a topology graph that indicates redirection relationships between the number of redirection URLs. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method comprising:
-
generating a topology graph by a device including a processor executing a honey monkey system, the topology graph indicating redirection relationships between a plurality of uniform resource locators (URLs), a plurality of websites, and web pages hosted by the plurality of websites; determining, by the device, a ranking of a particular website of the plurality of websites based on a number of redirection relationships between the particular website and additional websites of the plurality of websites; and monitoring, by the device, the particular website based on the ranking. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification