Honey monkey network exploration
First Claim
Patent Images
1. One or more processor-accessible storage devices comprising instructions that are executable by one or more processors to perform actions comprising:
- visiting a uniform resource locator (URL) of a parent list of redirection URLs;
producing a child list of redirection URLs based on visiting the URL of the parent list of redirection URLs, the child list of redirection URLs including a plurality of child URLs;
recursively visiting the child URLs of the child list of redirection URLs to discover redirection relationships between the child URLs that are visited; and
creating a graph that includes the child URLs that are visited and that indicates the redirection relationships between the child URLs.
3 Assignments
0 Petitions
Accused Products
Abstract
A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.
27 Citations
20 Claims
-
1. One or more processor-accessible storage devices comprising instructions that are executable by one or more processors to perform actions comprising:
-
visiting a uniform resource locator (URL) of a parent list of redirection URLs; producing a child list of redirection URLs based on visiting the URL of the parent list of redirection URLs, the child list of redirection URLs including a plurality of child URLs; recursively visiting the child URLs of the child list of redirection URLs to discover redirection relationships between the child URLs that are visited; and creating a graph that includes the child URLs that are visited and that indicates the redirection relationships between the child URLs. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. a system comprising:
-
one or more processors; and one or more processor-accessible storage media storing; a trace file; a browser; and a strider tracer module including instructions executable by the one or more processors to; determine a given uniform resource locator (URL) visited by the browser; trace visits to a number of redirection URLs in response to the browser visiting the given URL; log the visit to the given URL and the visits to the redirection URLs in the trace file; and generate a topology graph that indicates redirection relationships between the number of redirection URLs. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A method comprising:
-
determining a given uniform resource locator (URL) visited by a browser; tracing cross-domain auto visits to a number of redirection URLs in response to the browser visiting the given URL; logging the visit to the given URL and the cross-domain auto-visits to the redirection URLs in a trace file; and generating a topology graph that indicates redirection relationships between the number of redirection URLs, wherein the redirection relationships between the redirection URLs include a plurality of cross-domain auto visit relationships between the redirection URLs. - View Dependent Claims (19, 20)
-
Specification