IDENTIFYING MALICIOUS WEB INFRASTRUCTURES
First Claim
1. A computer-implemented method for identifying malicious servers, the computer-implemented method comprising:
- determining, by a computer, malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains based on determined graph-based features within a bipartite graph corresponding to visible and invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains;
- identifying, by the computer, malicious server vertices in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains; and
- blocking, by the computer, access by client devices to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.
Abstract
Identifying malicious servers is provided. Malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains are determined based on determined graph-based features within a bipartite graph corresponding to invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains. Malicious server vertices are identified in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains. Access by client devices is blocked to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.
31 Citations
10 Claims
Specification