Security monitoring

US 8,516,591 B2
Filed: 03/14/2011
Issued: 08/20/2013
Est. Priority Date: 05/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method of determining a combined trust level for a website, the method comprising:

analyzing a user account associated with the creation or server side maintenance of the website, the analysis of the user account being capable of identifying the presence or absence of a first risk factor affecting a likelihood that the user account is engaged in a malicious activity;

analyzing a source code file associated with the website, the source code file capable of being used to create a message for sending to a remote computing device, the analysis of the source code file being capable of identifying the presence or absence of a second risk factor affecting a likelihood that the source code file is facilitating a malicious activity; and

based on the analysis of the user account and the analysis of the source code file, determining the combined trust level for the website, the combined trust level indicating a likelihood that the website is not engaged in a malicious activity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems, apparatus, methods, and computer readable media for determining a combined trust level for a website. In one embodiment, a user account associated with the creation or maintenance of the website may be analyzed. The analysis of the user account may be capable of identifying the presence or absence of a first risk factor affecting a likelihood that the user account is engaged in a malicious activity. A source code file capable of being used to create a message for sending to a remote computing device may be analyzed. The analysis of the source code file may be capable of identifying the presence or absence of a second risk factor affecting a likelihood that the source code file is facilitating a malicious activity. Based on the analysis, a combined trust level for the website may be determined.

Citations

14 Claims

1. A method of determining a combined trust level for a website, the method comprising:
- analyzing a user account associated with the creation or server side maintenance of the website, the analysis of the user account being capable of identifying the presence or absence of a first risk factor affecting a likelihood that the user account is engaged in a malicious activity;
  
  analyzing a source code file associated with the website, the source code file capable of being used to create a message for sending to a remote computing device, the analysis of the source code file being capable of identifying the presence or absence of a second risk factor affecting a likelihood that the source code file is facilitating a malicious activity; and
  
  based on the analysis of the user account and the analysis of the source code file, determining the combined trust level for the website, the combined trust level indicating a likelihood that the website is not engaged in a malicious activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method recited in claim 1, the method further comprising:
    - analyzing a communication transmitted or received by the website, the analysis of the communication being capable of identifying the presence or absence of a third risk factor affecting a likelihood that the communication is involved in a malicious activity.
  - 3. The method recited in claim 2, wherein the communication comprises a webpage transmitted from the website to a client machine, wherein identifying the presence or absence of the third risk factor comprises determining whether the webpage is obfuscated, and wherein a determination that the webpage is obfuscated results in a relatively lesser combined trust level.
  - 4. The method recited in claim 1, wherein analyzing the user account comprises:
    - determining an interval of time between a creation date of the user account and a creation date of the website, wherein a relatively greater interval of time results in a relatively greater combined trust level.
  - 5. The method recited in claim 1, wherein analyzing the user account comprises:
    - determining an activity frequency for the user account, the activity frequency indicating an occurrence of interaction between the user account and the website, wherein a relatively greater activity frequency results in a relatively greater combined trust level.
  - 6. The method recited in claim 1, wherein analyzing the user account comprises:
    - identifying a second website, the user account being associated with the creation or maintenance of the second website;
      
      determining a second combined trust level for the second website, wherein the second combined trust level for the second website affects the combined trust level for the website.
  - 7. The method recited in claim 1, wherein analyzing the source code file comprises:
    - identifying a hyperlink within the source code, the hyperlink being addressed to a public network location; and
      
      determining whether the public network location is in a list of designated public network locations, wherein the presence or absence of the public network location in the list of designated public network locations affects the combined trust level.
  - 8. The method recited in claim 1, the method further comprising:
    - determining whether the combined trust level meets a designated trust level threshold value; and
      
      when the combined trust level does not meet the designated trust threshold value, storing an indication that the website is likely to be participating in a malicious activity.
  - 9. The method recited in claim 8,wherein the indication is stored in a multitenant database accessible to a plurality of tenants via an on-demand computing services environment.

10. One or more non-transitory computer readable media having instructions stored thereon for performing a method of determining a combined trust level for a website, the method comprising:
- analyzing a user account associated with the creation or server side maintenance of the website, the analysis of the user account being capable of identifying the presence or absence of a first risk factor affecting a likelihood that the user account is engaged in a malicious activity;
  
  analyzing a source code file associated with the website, the source code file capable of being used to create a message for sending to a remote computing device, the analysis of the source code file being capable of identifying the presence or absence of a second risk factor affecting a likelihood that the source code file is facilitating a malicious activity; and
  
  based on the analysis of the user account and the analysis of the source code file, determining a combined trust level for the website, the combined trust level indicating a likelihood that the website is not engaged in a malicious activity.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The one or more non-transitory computer readable media recited in claim 10, the method further comprising:
    - analyzing a communication transmitted or received by the website, the analysis of the communication being capable of identifying the presence or absence of a third risk factor affecting a likelihood that the communication is facilitating a malicious activity.
  - 12. The one or more non-transitory computer readable media recited in claim 11, wherein the communication comprises a webpage transmitted from the website to a client machine, wherein identifying the presence or absence of the third risk factor comprises determining whether the webpage is obfuscated, and wherein a determination that the webpage is obfuscated results in a relatively lesser combined trust level.
  - 13. The one or more non-transitory computer readable media recited in claim 10, wherein analyzing the user account comprises:
    - determining an interval of time between a creation date of the user account and a creation date of the website, wherein a relatively greater interval of time results in a relatively greater combined trust level.
  - 14. The one or more non-transitory computer readable media recited in claim 10, wherein analyzing the user account comprises:
    - determining an activity frequency for the user account, the activity frequency indicating an occurrence of interaction between the user account and the website, wherein a relatively greater activity frequency results in a relatively greater combined trust level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Fly, Robert, Greene, Collin, Soby, Brian, Dolph, James
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Le, David

Application Number

US13/047,549
Publication Number

US 20110283356A1
Time in Patent Office

890 Days
Field of Search

None
US Class Current

726/24
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1408   by monitoring network traff...

H04L 9/3234   involving additional secure...

Security monitoring

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Security monitoring

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links