Systems and methods for generating reputation-based ratings for uniform resource locators

US 8,826,426 B1
Filed: 05/05/2011
Issued: 09/02/2014
Est. Priority Date: 05/05/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for generating reputation-based ratings for uniform resource locators, at least a portion of the method being performed by a reputation server comprising at least one processor, the method comprising:

identifying, by the reputation server, a uniform resource locator (URL) that identifies the location of at least one web resource;

identifying, by the reputation server, at least one numeric computing-health score assigned to at least one computing device within a computing community that has previously accessed the URL;

identifying, by the reputation server, a number of computing devices within the computing community that have previously accessed the URL;

generating, by the reputation server, a reputation rating for the URL by;

weighting the numeric computing-health score assigned to the computing device that has previously accessed the URL;

weighting the number of computing devices within the computing community that have previously accessed the URL;

generating the reputation rating for the URL based at least in part on the weighted numeric computing-health score assigned to the computing device and the weighted number of computing devices within the computing community that have previously accessed the URL, wherein the reputation rating for the URL indicates whether the URL represents a potential security risk;

providing, by the reputation server, the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents the potential security risk.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary computer-implemented method for generating reputation ratings for URLs may include (1) identifying a URL that identifies the location of at least one web resource, (2) identifying the computing health of at least one member of a computing community that has accessed the URL, (3) generating, based at least in part on the computing health of the member(s) that accessed the URL, a reputation rating for the URL that indicates whether the URL represents a potential security risk, and then (4) providing the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk. In addition, a client-side, computer-implemented method for determining whether a URL represents a potential security risk may be based at least in part on such a reputation rating. Various other methods, systems, and computer-readable media are also disclosed.

79 Citations

View as Search Results

19 Claims

1. A computer-implemented method for generating reputation-based ratings for uniform resource locators, at least a portion of the method being performed by a reputation server comprising at least one processor, the method comprising:
- identifying, by the reputation server, a uniform resource locator (URL) that identifies the location of at least one web resource;
  
  identifying, by the reputation server, at least one numeric computing-health score assigned to at least one computing device within a computing community that has previously accessed the URL;
  
  identifying, by the reputation server, a number of computing devices within the computing community that have previously accessed the URL;
  
  generating, by the reputation server, a reputation rating for the URL by;
  
  weighting the numeric computing-health score assigned to the computing device that has previously accessed the URL;
  
  weighting the number of computing devices within the computing community that have previously accessed the URL;
  
  generating the reputation rating for the URL based at least in part on the weighted numeric computing-health score assigned to the computing device and the weighted number of computing devices within the computing community that have previously accessed the URL, wherein the reputation rating for the URL indicates whether the URL represents a potential security risk;
  
  providing, by the reputation server, the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents the potential security risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein the web resource comprises a file.
  - 3. The computer-implemented method of claim 1, wherein the numeric computing-health score assigned to the computing device that previously accessed the URL is based at least in part on at least one of:
    - an evaluation of the performance of the computing device;
      
      an evaluation of the stability of the computing device;
      
      an evaluation of the state of security of the computing device.
  - 4. The computer-implemented method of claim 1, wherein generating the reputation rating for the URL further comprises generating the reputation rating for the URL based at least in part on at least one of:
    - the age of the URL;
      
      at least one attribute of a web domain associated with the URL;
      
      at least one attribute of the web resource identified by the URL;
      
      at least one attribute of a server associated with the URL;
      
      at least one attribute of a registrar associated with the URL.
  - 5. The computer-implemented method of claim 1, further comprising using, by the reputation server, the reputation rating of the URL to verify the accuracy of a separate trustworthiness classification assigned to the URL, wherein the separate trustworthiness classification assigned to the URL is based at least in part on an analysis of at least one attribute of the URL.
  - 6. The computer-implemented method of claim 5, wherein the attribute of the URL comprises at least one of:
    - the age of the URL;
      
      at least one attribute of a web domain associated with the URL;
      
      at least one attribute of the web resource identified by the URL;
      
      at least one attribute of a server associated with the URL;
      
      at least one attribute of a registrar associated with the URL.
  - 7. The computer-implemented method of claim 1, wherein identifying the numeric computing-health score assigned to the computing device within the computing community that previously accessed the URL comprises:
    - retrieving a list that identifies a plurality of computing devices known to have accessed the URL within the computing community;
      
      identifying a numeric computing-health score assigned to each of the plurality of computing devices identified in the list.
  - 8. The computer-implemented method of claim 7, wherein retrieving the list that identifies the plurality of computing devices known to have accessed the URL within the computing community comprises:
    - collecting, from the plurality of computing devices, a plurality of log files that identify each URL accessed by the plurality of computing devices over a period of time;
      
      updating the list to indicate that the plurality of computing devices within the computing community have accessed the URL.
  - 9. The computer-implemented method of claim 8, wherein collecting the plurality of log files from the plurality of computing devices comprises receiving the plurality of log files from security software that tracked and recorded each URL accessed by the plurality of computing devices over the period of time.
  - 10. The computer-implemented method of claim 1, wherein the computing community comprises a plurality of computing devices that represent a user base of a security-software publisher.
  - 11. The computer-implemented method of claim 1, wherein generating the reputation rating for the URL further comprises summing the weighted numeric computing-health score and the weighted number of computing devices to arrive at the reputation rating for the URL.

12. A system for generating reputation ratings for uniform resource locators, the system comprising:
- an identification module programmed to identify a uniform resource locator (URL) that identifies the location of at least one web resource;
  
  a reputation module programmed to;
  
  identify a numeric computing-health score assigned to at least one computing device within a computing community that has previously accessed the URL;
  
  identify a number of computing devices within the computing community that have previously accessed the URL;
  
  generate a reputation rating for the URL by;
  
  weighting the numeric computing-health score assigned to the computing device that has previously accessed the URL;
  
  weighting the number of computing devices within the computing community that have previously accessed the URL;
  
  generating the reputation rating for the URL based at least in part on the weighted numeric computing-health score assigned to the computing device and the weighted number of computing devices within the computing community that have previously accessed the URL, wherein the reputation rating for the URL indicates whether the URL represents a potential security risk;
  
  a communication module programmed to provide the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents the potential security risk;
  
  at least one processor configured to execute at least one of the identification module, the reputation module, and the communication module.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, wherein the numeric computing-health score assigned to the computing device that previously accessed the URL is based at least in part on at least one of:
    - an evaluation of the performance of the computing device;
      
      an evaluation of the stability of the computing device;
      
      an evaluation of the state of security of the computing device.
  - 14. The system of claim 12, wherein the reputation module generates the reputation rating for the URL further based at least in part on at least one of:
    - the age of the URL;
      
      at least one attribute of a web domain associated with the URL;
      
      at least one attribute of the web resource identified by the URL;
      
      at least one attribute of a server associated with the URL;
      
      at least one attribute of a registrar associated with the URL.
  - 15. The system of claim 12, further comprising a verification module programmed to use the reputation rating of the URL to verify the accuracy of a separate trustworthiness classification assigned to the URL, wherein the separate trustworthiness classification assigned to the URL is based at least in part on an analysis of at least one attribute of the URL.
  - 16. The system of claim 15, wherein the attribute of the URL comprises at least one of:
    - the age of the URL;
      
      at least one attribute of a web domain associated with the URL;
      
      at least one attribute of the web resource identified by the URL;
      
      at least one attribute of a server associated with the URL;
      
      at least one attribute of a registrar associated with the URL.

17. A computer-implemented method for determining whether uniform resource locators represent potential security risks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- detecting, by the computing device, an attempt to access a uniform resource locator (URL) that identifies the location of at least one web resource;
  
  obtaining, by the computing device, a reputation rating for the URL from a reputation service, wherein the reputation rating for the URL is generated by;
  
  weighting a numeric computing-health score assigned to at least one additional computing device within a computing community that previously accessed the URL;
  
  weighting a number of computing devices within the computing community that have previously accessed the URL;
  
  generating the reputation rating for the URL based at least in part on the weighted numeric computing-health score assigned to the computing device and the weighted number of computing devices within the computing community that have previously accessed the URL, wherein the reputation rating for the URL indicates whether the URL represents a potential security risk;
  
  determining, by the computing device, that the URL represents the potential security risk based at least in part on the reputation rating;
  
  blocking, by the computing device, the attempt to access the URL.
- View Dependent Claims (18, 19)
- - 18. The computer-implemented method of claim 17, wherein the reputation rating obtained from the reputation service is further based at least in part on at least one of:
    - the age of the URL;
      
      at least one attribute of a web domain associated with the URL;
      
      at least one attribute of the web resource identified by the URL;
      
      at least one attribute of a server associated with the URL;
      
      at least one attribute of a registrar associated with the URL.
  - 19. The computer-implemented method of claim 17, further comprising using, by the computing device, the reputation rating obtained from the reputation service to verify the accuracy of a separate trustworthiness classification assigned to the URL, wherein the separate trustworthiness classification assigned to the URL is based at least in part on an analysis of at least one attribute of the URL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Dubey, Himanshu
Primary Examiner(s)
Thiaw, Catherine
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US13/101,472
Time in Patent Office

1,216 Days
Field of Search

726 1- 25, 726/251
US Class Current

726/22
CPC Class Codes

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

Systems and methods for generating reputation-based ratings for uniform resource locators

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for generating reputation-based ratings for uniform resource locators

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links