Methods and arrangement for active malicious web pages discovery
First Claim
Patent Images
1. An arrangement for performing active malicious web page discovery, comprising:
- a web monitor module, said web monitor module being configured to monitor a plurality of potential suspicious unified resource locators (URLs);
a crawler module, said crawler module being configured to download content associated with said plurality of potential suspicious URLs;
a malicious page identifier (MPI), said MPI being configured to verify a set of risk statuses for said plurality of potential suspicious URLs; and
a unified resource locator (URL) database, said URL database being configured to store at least said plurality of potential suspicious URLs, said URL database being maintained automatically to remove URLs, wherein at least an expired URL is removed from said URL database when said crawler module is unable to download web content associated with said expired URL.
1 Assignment
0 Petitions
Accused Products
Abstract
An arrangement for performing active malicious web page discovery is provided. The arrangement includes a web monitor module, which is configured to monitor a plurality of potential suspicious unified resource locators (URLs). The arrangement also includes a crawler module, which is configured to download the plurality of potential suspicious URLs. The arrangement further includes a malicious page identifier (MPI), which is configured to verify a set of risk statuses for the plurality of potential suspicious URLs.
195 Citations
20 Claims
-
1. An arrangement for performing active malicious web page discovery, comprising:
-
a web monitor module, said web monitor module being configured to monitor a plurality of potential suspicious unified resource locators (URLs); a crawler module, said crawler module being configured to download content associated with said plurality of potential suspicious URLs; a malicious page identifier (MPI), said MPI being configured to verify a set of risk statuses for said plurality of potential suspicious URLs; and a unified resource locator (URL) database, said URL database being configured to store at least said plurality of potential suspicious URLs, said URL database being maintained automatically to remove URLs, wherein at least an expired URL is removed from said URL database when said crawler module is unable to download web content associated with said expired URL. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for performing automatic active malicious web page discovery, comprising:
-
identifying, using a web monitor module, potential suspicious URLs; downloading, employing a crawler module to access the internet, a first URL from said potential suspicious URLs; parsing, using said web monitor, said first web page to identify a second set of URLs to be sent to said crawler module for downloading; and verifying, using a malicious page identifier (MPI), a set of risk statuses of a third set of web pages, said third set of web pages being at least associated with one of said first URL and said second set of URLs. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. An article of manufacture comprising a program storage medium having computer readable code embodied therein, said computer readable code being configured for performing automatic active malicious web page discovery, comprising:
-
code for identifying, using a web monitor module, potential suspicious URLs; code for downloading, using a crawler module to access the interne, a first URL from said potential suspicious URLs; code for parsing, employing said web monitor, said first web page to identify a second set of URLs to be sent to said crawler module for downloading; and code for verifying, using a malicious page identifier (MPI), a set of risk statuses of a third set of web pages, said third set of web pages being at least associated with one of said first URL and said second set of URLs. - View Dependent Claims (17, 18, 19, 20)
-
Specification