Domain classification based on client request behavior
First Claim
1. A method of processing communication in a computer network, comprising:
processing network traffic by web server or a nameserver to determine information related to requests from a plurality of clients for a plurality of domains, the information including for each client a set of domains associated with requests from the client and including for each domain a set of clients associated with requests for the domain;
generating by an application server security rankings for the plurality of clients based on a predetermined classification for one or more of the plurality of domains and an iterative determination using a security ranking for the plurality of domains, wherein the security ranking for each client is determined from the set of domains associated with the client;
generating by the application server the security rankings for the plurality of domains based on the security ranking for the plurality of clients, wherein the security ranking for each domain is based on the security rankings of the set of clients associated with requests for the each domain;
generating by the application server a domain classification for the plurality of domains based on the security rankings of the plurality of domains; and
processing additional network traffic by the web server or the nameserver using the domain classification for the plurality of domains.
Abstract
Systems and methods for domain classification using the network request behavior of clients are provided. The network requests of a plurality of clients are analyzed to determine a domain corresponding to each request. This information can be used to associate a set of domains with each individual client. Because of the reciprocal nature of a network request, the information is also used to associate a set of clients with each individual domain. Within the plurality of domains associated with the plurality of clients, there may exist known domains having a classification and unknown domains having no classification. Based on the correlation of clients and domains from their respective associations, the system generates domain classification information for at least one of the unknown domains.
24 Claims
11. A method of managing user requests for domain-related resources, comprising:
accessing information related to network requests from a plurality of clients for a plurality of domains, the information including for each client a set of domains associated with network requests from the each client and including for each domain a set of clients associated with network requests for the each domain;
generating a security ranking for the plurality of clients, the security ranking generated for each client being based on the set of domains associated with the each client;
generating a security ranking for the plurality of domains, the security ranking generated for each domain is based on aggregating the security ranking for each client associated with requests for the each domain;
receiving by a web server or an application server a first network request associated with a first domain of the plurality of domains; and
generating by the web server or the application server a first reply to the first network request associated with the first domain based on the security ranking of the first domain.
16. A computer readable storage medium having computer readable instructions for programming a processor to perform a method of domain classification, the method comprising:
accessing information related to network requests from a plurality of clients for a plurality of domains, the information including a group of domains associated with each client and a group of clients associated with each domain, the plurality of domains including a first set of domains having a known security classification and a second set of domains having an unknown security classification;
initializing a security ranking for the first set of domains based on the known security classification;
iteratively generating a security ranking for the plurality of clients, the security ranking generated for each client being based on the security rankings of each domain in the group of domains associated with the each client, wherein iteratively generating the security ranking for each client comprises testing for convergence of the security ranking for the each client;
iteratively generating a security ranking for the plurality of domains, the security ranking generated for each domain being based on the security rankings of each client in the group of clients associated with the each domain; and
generating a domain classification for the second set of domains based on a corresponding security ranking; and
processing network traffic by a web server or a nameserver using the domain classification for the second set of domains.
23. A system for generating domain information, comprising:
at least one storage device including information related to network requests from a plurality of clients for a plurality of domains, the information including for each client a group of domains associated with requests from the client and including for each domain a group of clients associated with requests for the domain; and
a processor in communication with the at least one storage device, the processor executes computer readable instructions to generate security rankings for the plurality of clients based on a predetermined classification of a first set of the plurality of domains, generate security rankings for the plurality of domains based on the security ranking for the plurality of clients, generate a domain classification for a second set of the plurality of domains based on the security rankings of the second set of the plurality of domains, and process network traffic using the domain classification for the second set of the plurality of domains;
wherein the security ranking for each client is determined from the group of domains associated with the client; and
wherein the security ranking for each domain is based on a summation of the security rankings of the group of clients associated with requests for the each domain.
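The iterative ranking recited in claim 16 (seed the known domains, rank clients from their domains, rank domains from their clients, test for convergence, then classify the unknown domains), written out as an added Python example that is not taken from the patent. The score scale of -1.0 to +1.0, the use of a mean as the aggregation, the 0.25 threshold, the label names and all client and domain names are assumptions; the sample request pairs are constructed.

```python
from collections import defaultdict

# Constructed sample: (client, domain) pairs, e.g. as extracted from resolver logs.
REQUESTS = [
    ("c1", "bad-known.example"), ("c1", "unk-a.example"),
    ("c2", "bad-known.example"), ("c2", "unk-a.example"),
    ("c3", "good-known.example"), ("c3", "unk-b.example"),
    ("c4", "good-known.example"), ("c4", "unk-b.example"),
    ("c5", "good-known.example"), ("c5", "unk-a.example"),
    ("c6", "unk-c.example"),  # no path to any labelled domain
]
# Assumed score scale: -1.0 = known bad, +1.0 = known good, 0.0 = no evidence.
KNOWN = {"bad-known.example": -1.0, "good-known.example": 1.0}


def rank_domains(requests, known, tol=1e-6, max_iter=200):
    """Return (domain_scores, client_scores) after iterating to convergence."""
    domains_of, clients_of = defaultdict(set), defaultdict(set)
    for client, domain in requests:
        domains_of[client].add(domain)   # per-client domain set
        clients_of[domain].add(client)   # per-domain client set
    dom = {d: known.get(d, 0.0) for d in clients_of}
    cli = {c: 0.0 for c in domains_of}
    for _ in range(max_iter):
        # Client ranking from the domains it requested (mean is an assumption).
        new_cli = {c: sum(dom[d] for d in ds) / len(ds)
                   for c, ds in domains_of.items()}
        # Domain ranking from its clients; labelled domains stay pinned.
        for d, cs in clients_of.items():
            if d not in known:
                dom[d] = sum(new_cli[c] for c in cs) / len(cs)
        # Convergence is tested on the client rankings, as in claim 16.
        delta = max((abs(new_cli[c] - cli[c]) for c in cli), default=0.0)
        cli = new_cli
        if delta < tol:
            break
    return dom, cli


def classify(dom, known, threshold=0.25):
    """Label only the previously unknown domains (threshold is an assumption)."""
    labels = {}
    for d, score in dom.items():
        if d in known:
            continue
        labels[d] = ("suspect" if score <= -threshold
                     else "benign" if score >= threshold else "unknown")
    return labels


if __name__ == "__main__":
    scores, _ = rank_domains(REQUESTS, KNOWN)
    print(classify(scores, KNOWN))
```

A domain whose clients never touch a labelled domain (`unk-c.example` here) keeps its initial score and stays unclassified, and a single client that also visits known-good domains pulls a shared domain's score toward neutral without flipping it.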