Risk assessment
First Claim
Patent Images
1. A system for performing a risk assessment of a website, comprising:
- a detection engine executing on a computer processor and configured to;
emulate presentation of a plurality of web pages of the website,extract content based on emulating presentation of the plurality of web pages, anddetect, based on at least one signal associated with malware, a plurality of suspicious elements included in the extracted content;
a risk assessment module configured to;
classify each of the plurality of suspicious elements into a category of a plurality of categories, each category of the plurality of categories being associated with a different property of the extracted content,generate an individual risk rating for each category in the plurality of categories based on the suspicious elements classified into the category,assign a weight to each of the individual risk ratings generated for the plurality of categories,combine the individual risk ratings based on the weight assigned to each of the individual ratings, andcalculate, based on the combined individual risk ratings, an overall risk rating associated with the website; and
a reporting engine configured to;
provide as output a risk assessment report comprising the overall risk rating.
4 Assignments
0 Petitions
Accused Products
Abstract
Performing a risk assessment of a website is disclosed. A plurality of elements included in the website is categorized. The risk posed by the presence of at least some of the plurality of elements is assessed. Example elements include third party content and out-of-date web applications. A risk assessment report is provided as output.
130 Citations
19 Claims
-
1. A system for performing a risk assessment of a website, comprising:
-
a detection engine executing on a computer processor and configured to; emulate presentation of a plurality of web pages of the website, extract content based on emulating presentation of the plurality of web pages, and detect, based on at least one signal associated with malware, a plurality of suspicious elements included in the extracted content; a risk assessment module configured to; classify each of the plurality of suspicious elements into a category of a plurality of categories, each category of the plurality of categories being associated with a different property of the extracted content, generate an individual risk rating for each category in the plurality of categories based on the suspicious elements classified into the category, assign a weight to each of the individual risk ratings generated for the plurality of categories, combine the individual risk ratings based on the weight assigned to each of the individual ratings, and calculate, based on the combined individual risk ratings, an overall risk rating associated with the website; and a reporting engine configured to; provide as output a risk assessment report comprising the overall risk rating. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for performing a risk assessment of a website, comprising:
-
emulating presentation of a plurality of web pages of the website; extracting content based on emulating presentation of the plurality of web pages; detecting, based on at least one signal associated with malware a plurality of suspicious elements included in the extracted content; classifying each of the plurality of suspicious elements into a category of a plurality of categories, each category of the plurality of categories being associated with a different property of the extracted content; generating an individual risk rating for each category in the plurality of categories based on the suspicious elements classified into the category, assigning a weight to each of the individual risk ratings generated for the plurality of categories; combining the individual risk ratings based on the weight assigned to each of the individual ratings; calculating, by a computer processor and based on the combined individual risk ratings, an overall risk rating associated with the website; and providing as output a risk assessment report comprising the overall risk rating. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A non-transitory computer readable medium comprising a plurality of instructions for performing a risk assessment of a website, the plurality of instructions configured to execute on at least one computer processor and comprising functionality to:
-
emulate presentation of a plurality of web pages of the website; extract content based on emulating presentation of the plurality of web pages; detect, based on at least one signal associated with malware, a plurality of suspicious elements included in the extracted content; generate an individual risk rating for each category in the plurality of categories based on the suspicious elements classified into the category; assign a weight to each of the individual risk ratings generated for the plurality of categories; combine the individual risk ratings based on the weight assigned to each of the individual ratings; calculate, based on the combined individual risk ratings, an overall risk rating associated with the website; and provide as output a risk assessment report comprising the overall risk rating. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification