System policy violation detection

US 9,009,834 B1
Filed: 09/24/2009
Issued: 04/14/2015
Est. Priority Date: 09/24/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of testing an advertisement for policy violations in a computer system test environment, the method comprising:

receiving, in a first computer system, an advertisement to be tested, the advertisement being available for presentation by the first computer system and hosted by a second computer system different from the first computer system;

simulating, in the first computer system, display of a visual representation of the advertisement, wherein the visual representation is selectable by a user and wherein the advertisement is associated with an executable code snippet;

receiving, in the first computer system, a simulated user click on the visual representation of the advertisement;

executing, in the first computer system, the executable code snippet;

monitoring, in the first computer system, redirection operations and latency associated with the executable code snippet;

in response to monitoring the redirection operations associated with the executable code snippet, calculating a redirection score based on the first computer system requesting first content from a second computer system associated with malware and requesting second content from a third computer system not associated with malware;

in response to monitoring the latency associated with the executable code snippet, calculating a latency score based on an amount that the first computer system slows after executing the executable code snippet;

calculating an overall score for the advertisement based at least in part on the redirection score and the latency score; and

validating the advertisement for service to users based on the overall score.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer-implemented method, a digital content item to be tested is received. A display of a visual representation of the digital content item is simulated, where the visual representation is selectable and the digital content item is associated with a code snippet that is executed when the visual representation is selected. A simulated user click on the visual representation is received and the code snippet is executed in response. Processing actions of the code snippet are monitored, and it is determined whether the processing actions violate one or more predetermined system policies indicative of a content item unsuitable for service. A score for the code snippet is calculated based on one or more violations of the one or more predetermined system policies. The digital content item is suspended to prevent service of the digital content item if the score exceeds a predetermined threshold score, and validated for service otherwise.

78 Citations

View as Search Results

18 Claims

1. A computer-implemented method of testing an advertisement for policy violations in a computer system test environment, the method comprising:
- receiving, in a first computer system, an advertisement to be tested, the advertisement being available for presentation by the first computer system and hosted by a second computer system different from the first computer system;
  
  simulating, in the first computer system, display of a visual representation of the advertisement, wherein the visual representation is selectable by a user and wherein the advertisement is associated with an executable code snippet;
  
  receiving, in the first computer system, a simulated user click on the visual representation of the advertisement;
  
  executing, in the first computer system, the executable code snippet;
  
  monitoring, in the first computer system, redirection operations and latency associated with the executable code snippet;
  
  in response to monitoring the redirection operations associated with the executable code snippet, calculating a redirection score based on the first computer system requesting first content from a second computer system associated with malware and requesting second content from a third computer system not associated with malware;
  
  in response to monitoring the latency associated with the executable code snippet, calculating a latency score based on an amount that the first computer system slows after executing the executable code snippet;
  
  calculating an overall score for the advertisement based at least in part on the redirection score and the latency score; and
  
  validating the advertisement for service to users based on the overall score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein the executable code snippet is not executed until the advertisement is clicked on.
  - 3. The computer-implemented method of claim 1, wherein the calculating the latency score based on an amount that the first computer system slows after executing the executable code snippet comprises determining an amount of time for the first computer system to load a web page after executing the executable code snippet.
  - 4. The computer-implemented method of claim 3, wherein calculating the latency score based on the amount that the first computer system slows after executing the executable code snippet comprises comparing the amount of time for the first computer system to load a web page after executing the executable code snippet to the amount of time for the first computer system to load the web page before executing the executable code snippet.
  - 5. The computer-implemented method of claim 1, further comprising determining whether a file system configuration of the first computer system is changed, andwherein the overall score for the advertisement is based further on determining whether the file system configuration of the first computer system is changed.
  - 6. The computer-implemented method of claim 1, further comprising determining whether an application is launched on the first computer system, andwherein the overall score for the advertisement is based further on determining whether the application is launched on the first computer system.
  - 7. The computer-implemented method of claim 1, further comprising determining whether a payload received at the first computer system includes a virus, andwherein the overall score for the advertisement is based further on determining whether the payload received at the first computer system includes a virus.
  - 8. The computer-implemented method of claim 1, wherein simulating, in the first computer system, display of a visual representation of the advertisement comprises displaying the visual representation on a display device of the first computer system.
  - 9. The computer-implemented method of claim 1, comprising:
    - monitoring, in the first computer system, an execution associated with the executable code snippet by a fourth computer system; and
      
      calculating, based on the execution associated with the executable code snippet by the fourth computer system, a second redirection score and a second latency score, andwherein calculating an overall score for the advertisement is further based on the second redirection score and the second latency score.
  - 10. The computer-implemented method of claim 1, wherein the requesting the first content from the second computer system associated with malware is weighted more than the requesting the second content from the third computer system not associated with malware.

11. A system for testing an advertisement for policy violations, comprising:
- an interface module comprising a processor configured to receive in a first computer system an advertisement to be tested, the advertisement being available for presentation by the computer system and hosted by a second computer system different from the first computer system;
  
  an interaction module comprising a processor configured to;
  
  simulate, in the first computer system, display of a visual representation of the advertisement, wherein the visual representation is selectable by a user and wherein the advertisement is associated with an executable code snippet; and
  
  receive, at the first computer system, a simulated user click on the visual representation of the advertisement; and
  
  execute, in the first computer system, the executable code snippet;
  
  a testing module comprising a processor configured to;
  
  monitor, in the first computer system, redirection operations and latency associated with the executable code snippet,in response to monitoring the redirection operations associated with the executable code snippet, calculate a redirection score based on the first computer system requesting first content from a second computer system associated with malware and requesting second content from a third computer system not associated with malware, wherein the requesting the first content from the second computer system associated with malware is weighted more than the requesting the second content from the third computer system not associated with malware;
  
  in response to monitoring the latency associated with the executable code snippet, calculate a latency score based on an amount that the first computer system slows after executing the executable code snippet; and
  
  calculate an overall score for the advertisement based at least in part on the redirection score and the latency score; and
  
  a validation module comprising a processor configured to validate the advertisement for service to users based on the overall score.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The system of claim 11, wherein the executable code snippet is not executed until the advertisement is clicked on.
  - 13. The system of claim 11, wherein the testing module configured calculate the latency score based on the amount that the first computer system slows after executing the executable code snippet is further configured to determine an amount of time for the first computer system to load a web page after executing the executable code snippet.
  - 14. The system of claim 13, wherein the testing module configured to calculate the latency score based on the amount that the first computer system slows after executing the executable code snippet is further configured to compare the amount of time for the first computer system to load a web page after executing the executable code snippet to the amount of time for the first computer system to load the web page before executing the executable code snippet.
  - 15. The system of claim 11, wherein the testing module is further configured to determine whether a file system configuration of the first computer system is changed, andwherein the overall score for the advertisement is based further on determining whether the file system configuration of the first computer system is changed.
  - 16. The system of claim 11, wherein the testing module is further configured to determine whether an application is launched on the first computer system, andwherein the overall score for the advertisement is based further on determining whether the application is launched on the first computer system.
  - 17. The system of claim 11, wherein the testing module is further configured to determine whether a payload received at the first computer system includes a virus, andwherein the overall score for the advertisement is based further on determining whether the payload received at the first computer system includes a virus.
  - 18. The system of claim 11, wherein simulating, in the first computer system, display of a visual representation of the advertisement comprises displaying the visual representation on a display device of the first computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Ren, Jie, Provos, Niels, Harvey, Sean, Fisher, Oliver G., Jagpal, Navdeep S., Sun, Qi
Primary Examiner(s)
ZAIDI, SYED A

Application Number

US12/566,439
Time in Patent Office

2,028 Days
Field of Search

726/24, 713/182, 709/224
US Class Current

726/24
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/6209   to a single file or object,...

G06F 2221/2149   Restricted operating enviro...

G06Q 30/0277   Online advertisement

H04L 63/145   the attack involving the pr...

H04L 63/1483   service impersonation, e.g....

System policy violation detection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System policy violation detection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links