URL reputation system
Abstract
A URL reputation system may have a reputation server and a client device with a cache of reputation information. A URL reputation query from the client to the server may return reputation data along with probabilistic set membership information for several variants of the requested URL. The client may use the probabilistic set membership information to determine if the reputation server has additional information for another related URL as well as whether the classifications are inheritable from one of the variants. If the probabilistic set membership determines that the reputation server may have additional information, a query may be made to the reputation server, otherwise the reputation may be inferred from the data stored in the cache.
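An added sketch of the client-side decision the abstract describes, not code from the patent. A Bloom filter stands in for the probabilistic set membership key; the variant scheme, the `toy_server` reply format and the sample data are assumptions constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

def bloom(items, bits=512, hashes=3):
    """Bloom filter as an int: the 'probabilistic set membership key' here."""
    filt = 0
    for item in items:
        digest = hashlib.sha256(item.encode()).digest()
        for i in range(hashes):
            filt |= 1 << int.from_bytes(digest[4*i:4*i+4], "big") % bits
    return filt

def maybe_member(filt, item):
    return filt & bloom([item]) == bloom([item])

def variants(url):
    """Canonical key for url, then less specific variants (assumed scheme)."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host, segs = parts.hostname, [s for s in parts.path.split("/") if s]
    out = ["/".join([host] + segs[:n]) for n in range(len(segs), -1, -1)]
    return out + [host.split(".", i)[-1] for i in range(1, host.count("."))]

SERVER_DB = {  # constructed sample data: key -> (classification, inheritable)
    "example.test": ("benign", True),
    "example.test/users": ("user-content", False),
    "example.test/users/mallory": ("malicious", True),
}

def toy_server(key):
    """Constructed server reply: key and its known variants, each with a filter."""
    resp = {}
    for k in variants(key):
        if k == key or k in SERVER_DB:
            cls, inherit = SERVER_DB.get(k, ("unknown", False))
            known = bloom(o for o in SERVER_DB if k in variants(o)[1:])
            resp[k] = {"cls": cls, "inheritable": inherit, "known": known}
    return resp

def lookup(url, cache, server=toy_server):
    key, *less_specific = variants(url)
    if key in cache:
        return cache[key]["cls"], "cache"
    hits = [v for v in less_specific if v in cache]
    if hits and not any(maybe_member(cache[v]["known"], key) for v in hits):
        # No cached filter says the server holds this key: inherit locally.
        nearest = cache[hits[0]]
        if nearest["inheritable"]:
            return nearest["cls"], "inherited from " + hits[0]
    cache.update(server(key))  # query the server and keep the filters it returns
    return cache[key]["cls"], "server"
```

A Bloom filter yields false positives but no false negatives, so a filter error costs one extra server query and never causes a more specific server-side classification to be skipped.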
17 Claims
1. A method performed by a uniform resource locator (URL) reputation client, said method being performed on a computer processor, said method comprising:
- receiving a first URL as part of a request for a URL reputation, said request being sent from a client device;
- determining that said first URL is not present in a cached reputation database;
- determining a set of variants for said first URL;
- determining that a first variant is stored within said cached reputation database, said first variant having a first classification;
- determining that said first classification is inheritable;
- analyzing said cached reputation database to determine that a reputation server does not contain classification information about said first URL, said cached reputation database comprising probabilistic set membership keys;
- assigning said first classification to said first URL;
- identifying a second URL;
- analyzing said cached reputation database to determine that said second URL is included in one of said probabilistic set membership keys;
- transmitting said second URL to a reputation server;
- receiving a second classification, said second classification being defined for said second URL;
- for each URL variant of a plurality of URL variants for said second URL, receiving a probabilistic set membership key; and
- storing said received probabilistic set membership key in said cached reputation database.
10. A uniform resource locator (URL) reputation server comprising:
- a processor;
- a network connection;
- a cached reputation database;
- said processor configured to:
  - receive a first URL as part of a request for a URL reputation, said request being sent from a client device;
  - determine that said first URL is not present in the cached reputation database;
  - determine a set of variants for said first URL;
  - determine that a first variant is stored within said cached reputation database, said first variant having a first classification;
  - determine said first classification is inheritable;
  - analyze said cached reputation database to determine that a reputation server does not contain classification information about said first URL, said cached reputation database comprising probabilistic set membership keys;
  - assign said first classification to said first URL;
  - identify a second URL;
  - analyze said cached reputation database to determine that said second URL is included in one of said probabilistic set membership keys;
  - transmit said second URL to a reputation server;
  - receive a second classification, said second classification being defined for said second URL;
  - for each URL variant of a plurality of URL variants for said second URL, receive a probabilistic set membership key; and
  - store said received probabilistic set membership key in said cached reputation database.
16. A uniform resource locator (URL) reputation client comprising:
- a processor;
- a network connection;
- a cached URL reputation database comprising reputation information for a plurality of URL addresses having a common second level domain name, and for each URL address of said plurality of URL addresses, a probabilistic set membership key for lower level URL addresses, said probabilistic set membership key indicating availability of said lower level URL addresses in a URL reputation database available from a URL reputation server;
- said processor configured to:
  - receive a first URL;
  - determine that said first URL is not present in said cached URL reputation database;
  - determine a first set of variants comprising variants for said first URL;
  - determine that a first variant is stored within said cached URL reputation database, said first variant having a first classification;
  - determine that said first classification is inheritable;
  - analyze said cached URL reputation database to determine that said reputation server does not contain classification information about said first URL, said cached URL reputation database comprising probabilistic set membership keys;
  - assign said first classification to said first URL;
  - receive a second URL;
  - determine that said second URL is not present in the cached URL reputation database;
  - determine a second set of variants comprising variants for said second URL;
  - determine that none of said second set of variants are stored within said cached URL reputation database;
  - transmit said second URL to said URL reputation server; and
  - receive a second classification assigned to said second URL from said URL reputation server.
Specification