Referrer context identification for remote object links
Abstract
A computer, computer program product, and method identify referrer context information associated with a remote object link. A network inspection module monitors network traffic and a remote object link identification module identifies remote links and their associated referrer context information. A link storage module stores the referrer context information along with the associated link. A look up module looks up the referrer context information in response to a request for a source of a link. The referrer context information is an important security resource in identifying the true source of a threat, and in avoiding future attacks. In addition, it allows for a more complete picture of how a link moves from one client to another by tracking how the link was sent and received.
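The four modules named in the abstract (inspection, link identification, storage, lookup), sketched as an added Python example; it is not code from the patent. The per-protocol fields (HTTP Host and request path, SMTP From and Message-ID, IRC nick and channel) and the names `LinkStore`, `normalize` and `demo` are assumptions, and the traffic samples are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
M = re.I | re.M
# Assumed fields: the claims only require that context types differ by protocol.
CONTEXT_PATTERNS = {
    "http": {"host": re.compile(r"^Host:\s*(\S+)", M),
             "path": re.compile(r"^GET\s+(\S+)", M)},
    "smtp": {"from": re.compile(r"^From:\s*(.+)$", M),
             "message_id": re.compile(r"^Message-ID:\s*(\S+)", M)},
    "irc": {"nick": re.compile(r"^:([^!\s]+)!", M),
            "channel": re.compile(r"PRIVMSG\s+(\S+)", M)},
}

def normalize(link):  # storage key: no trailing punctuation/fragment, lowercase host
    p = urlsplit(link.rstrip(".,);"))
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

class LinkStore:
    def __init__(self):
        self._by_link = defaultdict(list)

    def inspect(self, protocol, payload):
        patterns = CONTEXT_PATTERNS.get(protocol)
        if patterns is None:  # protocol without an extractor: record nothing
            return 0
        context = {"protocol": protocol}
        context.update((name, m.group(1).strip()) for name, rx in patterns.items()
                       if (m := rx.search(payload)))
        links = {normalize(u) for u in URL_RE.findall(payload)}
        for link in links:  # same context for every link in this message
            self._by_link[link].append(context)
        return len(links)

    def lookup(self, link):  # called when a scanner flags the downloaded object
        return list(self._by_link.get(normalize(link), []))

# Constructed sample traffic (not real captures).
SAMPLES = [
    ("http", 'GET /thread?id=7 HTTP/1.1\nHost: forum.example\n\n<a href="http://files.example/setup.exe">'),
    ("smtp", "From: Alice <alice@mail.example>\nMessage-ID: <a1@mail.example>\n\nSee http://files.example/setup.exe."),
    ("irc", ":mallory!m@irc.example PRIVMSG #chat :get HTTP://Files.example/setup.exe"),
]

def demo():
    store = LinkStore()
    for protocol, payload in SAMPLES:
        store.inspect(protocol, payload)
    return store.lookup("http://files.example/setup.exe")
```

The lookup returns one context record per protocol through which the same link reached the client, which is the cross-protocol picture the abstract describes.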
11 Claims
1. A method of identifying referrer context information for links to remote objects, comprising:
- monitoring network traffic received at a client device in a plurality of different protocols;
- identifying in the network traffic links to remote objects, the links received via the plurality of different protocols;
- identifying, using pattern matching, referrer context information within the monitored network traffic that is associated with the links to the remote objects, wherein types of referrer context information are specific to the protocols in which the links to the remote objects were received, different types of referrer context information are identified for links to remote objects received via different protocols, and the referrer context information comprises information allowing ascertainment of referrers that provided the network traffic containing the links to the remote objects to the client device;
- storing the links to the remote objects and the associated referrer context information; and
- responsive to receiving a request for a source of a remote object triggered by detection of malicious code associated with the remote object, looking up stored referrer context information associated with a link to the remote object.

Dependent claims: 2, 3, 4, 5
6. A non-transitory computer-readable storage medium having computer program instructions embodied therein for identifying referrer context information for links to remote objects, comprising:
- a network inspection module configured to monitor network traffic received at a client device in a plurality of different protocols;
- a remote object link identification module configured to identify in the network traffic links to remote objects, the links received via the plurality of different protocols, and to identify, using pattern matching, referrer context information within the monitored network traffic that is associated with the links to the remote objects, wherein types of referrer context information are specific to the protocols in which the links to the remote objects were received, different types of referrer context information are identified for links to remote objects received via different protocols, and the referrer context information comprises information allowing ascertainment of referrers that provided the network traffic containing the links to the remote objects to the client device;
- a link storage module configured to store the links to the remote objects and the associated referrer context information; and
- a look up module configured to look up stored referrer context information associated with a link to a remote object in response to receiving a request for a source of the remote object triggered by detection of malicious code associated with the remote object.

Dependent claims: 7, 8
9. A computer adapted to identify referrer context information for links to remote objects, comprising:
- a processor for executing computer program modules; and
- a non-transitory computer-readable storage medium storing executable computer program modules comprising;
  - a network inspection module configured to monitor network traffic received at a client device in a plurality of different protocols;
  - a remote object link identification module configured to identify in the network traffic links to remote objects, the links received via the plurality of different protocols, and to identify, using pattern matching, referrer context information within the monitored network traffic that is associated with the links to the remote objects, wherein types of referrer context information are specific to the protocols in which the links to the remote objects were received, different types of referrer context information are identified for links to remote objects received via different protocols, and the referrer context information comprises information allowing ascertainment of referrers that provided the network traffic containing the links to the remote objects to the client device;
  - a link storage module configured to store the links to the remote objects and the associated referrer context information; and
  - a look up module configured to look up stored referrer context information associated with a link to a remote object in response to receiving a request for a source of the remote object triggered by detection of malicious code associated with the remote object.

Dependent claims: 10, 11
Specification