METHOD AND SYSTEM FOR DETECTING MALICIOUS WEB ADDRESSES
First Claim
1. A method for detecting a malicious web address, comprising:
receiving a uniform resource locator (URL) reported by a user;
acquiring a HyperText Transfer Protocol (HTTP) request chain associated with the URL, the HTTP request chain being a sequential linked list comprising information about multiple HTTP request-response interactions during an access to the URL; and
analyzing the HTTP request chain to determine whether the URL is a malicious web address.
Abstract
The present application provides a method and system for detecting malicious web addresses. The method includes: receiving a uniform resource locator (URL) reported by a user; acquiring a HyperText Transfer Protocol (HTTP) request chain associated with the URL, wherein the HTTP request chain is a sequential linked list including information about multiple HTTP request-response interactions during an access to the URL; and analyzing the HTTP request chain to determine whether the URL is a malicious web address. The technical solution of the present application can provide an accurate result of malicious web address detection, can detect various newly emerging malicious web addresses, and is user-friendly. The user only needs to upload the URL and does not need to provide any other information.
22 Claims
12. A system for detecting a malicious web address, comprising a crawler subsystem and a detection subsystem,
the crawler subsystem comprising a crawler scheduling server and one or more active crawler servers, the crawler scheduling server configured to receive a uniform resource locator (URL) reported by a user, and schedule the one or more active crawler servers;
and the active crawler server configured to acquire, as scheduled by the crawler scheduling server, a HyperText Transfer Protocol (HTTP) request chain associated with the URL, the HTTP request chain being a sequential linked list comprising information about multiple HTTP request-response interactions during an access to the URL; and
the detection subsystem comprises an analysis unit configured to analyze the HTTP request chain to determine whether the URL is a malicious web address.
21. A device, comprising:
one or more processors;
a memory; and
one or more programs stored in the memory, the one or more programs being used by the one or more processors to:
receive a uniform resource locator (URL) reported by a user;
acquire a HyperText Transfer Protocol (HTTP) request chain associated with the URL, wherein the HTTP request chain is a sequential linked list comprising information about multiple HTTP request-response interactions during an access to the URL; and
analyze the HTTP request chain to determine whether the URL is a malicious web address.
22. A non-volatile computer readable storage medium, storing one or more programs, the one or more programs, when executed by a device, causing the device to:
receive a uniform resource locator (URL) reported by a user;
acquire a HyperText Transfer Protocol (HTTP) request chain associated with the URL, the HTTP request chain being a sequential linked list comprising information about multiple HTTP request-response interactions during an access to the URL; and
analyze the HTTP request chain to determine whether the URL is a malicious web address.
Specification