Systems and methods for generating reputation-based ratings for uniform resource locators

US 9,258,316 B1
Filed: 07/29/2014
Issued: 02/09/2016
Est. Priority Date: 05/05/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for generating reputation-based ratings for uniform resource locators, at least a portion of the method being performed by a reputation server comprising at least one processor, the method comprising:

identifying, by the reputation server, a Uniform Resource Locator (URL) that identifies a location of at least one web resource;

identifying, by the reputation server, at least one reputation rating assigned to the web resource identified by the URL, wherein the reputation rating assigned to the web resource indicates whether the web resource is potentially malicious;

generating, by the reputation server, a reputation score for the URL that indicates whether the URL represents a potential security risk, wherein generating the reputation score for the URL comprises generating the reputation score for the URL based at least in part on;

the reputation rating assigned to the web resource identified by the URL;

numeric computing-health scores assigned to computing devices within a computing community that previously accessed the URL;

the number of computing devices within the computing community that have previously accessed the URL;

providing, by the reputation server, the reputation score for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary computer-implemented method for generating reputation ratings for URLs may include (1) identifying a URL that identifies the location of at least one web resource, (2) identifying the computing health of at least one member of a computing community that has accessed the URL, (3) generating, based at least in part on the computing health of the member(s) that accessed the URL, a reputation rating for the URL that indicates whether the URL represents a potential security risk, and then (4) providing the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk. In addition, a client-side, computer-implemented method for determining whether a URL represents a potential security risk may be based at least in part on such a reputation rating. Various other methods, systems, and computer-readable media are also disclosed.

Citations

18 Claims

1. A computer-implemented method for generating reputation-based ratings for uniform resource locators, at least a portion of the method being performed by a reputation server comprising at least one processor, the method comprising:
- identifying, by the reputation server, a Uniform Resource Locator (URL) that identifies a location of at least one web resource;
  
  identifying, by the reputation server, at least one reputation rating assigned to the web resource identified by the URL, wherein the reputation rating assigned to the web resource indicates whether the web resource is potentially malicious;
  
  generating, by the reputation server, a reputation score for the URL that indicates whether the URL represents a potential security risk, wherein generating the reputation score for the URL comprises generating the reputation score for the URL based at least in part on;
  
  the reputation rating assigned to the web resource identified by the URL;
  
  numeric computing-health scores assigned to computing devices within a computing community that previously accessed the URL;
  
  the number of computing devices within the computing community that have previously accessed the URL;
  
  providing, by the reputation server, the reputation score for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein:
    - the web resource comprises a file;
      
      the reputation rating assigned to the web resource comprises a reputation rating assigned to the file.
  - 3. The computer-implemented method of claim 2, wherein:
    - identifying the reputation rating assigned to the web resource identified by the URL comprises determining, based at least in part on the reputation rating assigned to the file, that the reputation of the file is low;
      
      generating the reputation score for the URL comprises generating a reputation score for the URL that is low due at least in part to the low reputation of the file, wherein the low reputation score for the URL indicates that the URL likely represents a security risk.
  - 4. The computer-implemented method of claim 2, wherein:
    - identifying the reputation rating assigned to the web resource identified by the URL comprises determining, based at least in part on the reputation rating assigned to the file, that the reputation of the file is high;
      
      generating the reputation score for the URL comprises generating a reputation score for the URL that is high due at least in part to the high reputation of the file, wherein the high reputation score for the URL indicates that the URL is unlikely to represent a security risk.
  - 5. The computer-implemented method of claim 1, further comprising identifying at least a portion of the numeric computing-health scores assigned to the computing devices that previously accessed the URL by:
    - retrieving a list that identifies a plurality of computing devices known to have accessed the URL within the computing community;
      
      identifying a numeric computing-health score assigned to each of the plurality of computing devices identified in the list.
  - 6. The computer-implemented method of claim 5, wherein retrieving the list that identifies the plurality of computing devices known to have accessed the URL within the computing community comprises:
    - collecting, from the plurality of computing devices, a plurality of log files that identify each URL accessed by the plurality of computing devices over a period of time;
      
      updating the list to indicate that the plurality of computing devices within the computing community have accessed the URL.
  - 7. The computer-implemented method of claim 1, further comprising using, by the reputation server, the reputation score of the URL to verify the accuracy of a separate trustworthiness classification assigned to the URL, wherein the separate trustworthiness classification assigned to the URL is based at least in part on an analysis of at least one attribute of the URL.
  - 8. The computer-implemented method of claim 7, wherein the attribute of the URL comprises at least one of:
    - the age of the URL;
      
      at least one attribute of a web domain associated with the URL;
      
      at least one attribute of the web resource identified by the URL;
      
      at least one attribute of a server associated with the URL;
      
      at least one attribute of a registrar associated with the URL.

9. A system for generating reputation ratings for uniform resource locators, the system comprising:
- an identification module, stored in memory, that identifies a Uniform Resource Locator (URL) that identifies a location of at least one web resource;
  
  a reputation module, stored in memory, that;
  
  identifies at least one reputation rating assigned to the web resource identified by the URL, wherein the reputation rating assigned to the web resource indicates whether the web resource is potentially malicious;
  
  generates a reputation score for the URL that indicates whether the URL represents a potential security risk, wherein generating the reputation score for the URL comprises generating the reputation score for the URL based at least in part on;
  
  the reputation rating assigned to the web resource identified by the URL;
  
  numeric computing-health scores assigned to computing devices within a computing community that previously accessed the URL;
  
  the number of computing devices within the computing community that have previously accessed the URL;
  
  a communication module, stored in memory, that provides the reputation score for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk;
  
  at least one physical processor that executes at least one of the identification module, the reputation module, and the communication module.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein:
    - the web resource comprises a file,the reputation rating assigned to the web resource comprises a reputation rating assigned to the file.
  - 11. The system of claim 10, wherein:
    - the identification module determines, based at least in part on the reputation rating assigned to the file, that the reputation of the file is low;
      
      the reputation module generates a reputation score for the URL that is low due at least in part to the low reputation of the file, wherein the low reputation score for the URL indicates that the URL likely represents a security risk.
  - 12. The system of claim 10, wherein:
    - the identification module determines, based at least in part on the reputation rating assigned to the file, that the reputation of the file is high;
      
      the reputation module generates a reputation score for the URL that is high due at least in part to the high reputation of the file, wherein the high reputation score for the URL indicates that the URL likely represents a security risk.
  - 13. The system of claim 9, wherein the identification module identifies the numeric computing-health scores assigned to the computing devices that previously accessed the URL by:
    - retrieving a list that identifies a plurality of computing devices known to have accessed the URL within the computing community;
      
      identifying a numeric computing-health score assigned to each of the plurality of computing devices identified in the list.
  - 14. The system of claim 13, wherein the identification module retrieves the list that identifies the plurality of computing devices known to have accessed the URL within the computing community by:
    - collecting, from the plurality of computing devices, a plurality of log files that identify each URL accessed by the plurality of computing devices over a period of time;
      
      updating the list to indicate that the plurality of computing devices within the computing community have accessed the URL.
  - 15. The system of claim 9, further comprising a verification module, stored in memory, that uses the reputation rating of the URL to verify the accuracy of a separate trustworthiness classification assigned to the URL, wherein the separate trustworthiness classification assigned to the URL is based at least in part on an analysis of at least one attribute of the URL;
    - wherein the processor further executes the verification module.
  - 16. The system of claim 15, wherein the attribute of the URL comprises at least one of:
    - the age of the URL;
      
      at least one attribute of a web domain associated with the URL;
      
      at least one attribute of the web resource identified by the URL;
      
      at least one attribute of a server associated with the URL;
      
      at least one attribute of a registrar associated with the URL.

17. A computer-implemented method for determining whether uniform resource locators represent potential security risks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- detecting, by the computing device, an attempt to access a Uniform Resource Locator (URL) that identifies a location of at least one web resource;
  
  obtaining, by the computing device, a reputation score for the URL from a reputation service, wherein the reputation score for the URL indicates whether the URL represents a potential security risk and is based at least in part on;
  
  at least one reputation rating assigned to the web resource identified by the URL, wherein the reputation rating assigned to the web resource indicates whether the web resource is potentially malicious;
  
  numeric computing-health scores assigned to computing devices within a computing community that previously accessed the URL;
  
  the number of computing devices within the computing community that have previously accessed the URL;
  
  determining, by the computing device, that the URL represents a potential security risk based at least in part on the reputation score for the URL;
  
  blocking, by the computing device, the attempt to access the URL.
- View Dependent Claims (18)
- - 18. The computer-implemented method of claim 17, wherein the web resource comprises a file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Dubey, Himanshu
Primary Examiner(s)
Thiaw, Catherine
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US14/445,631
Time in Patent Office

560 Days
Field of Search

726/22
US Class Current

1/1
CPC Class Codes

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

Systems and methods for generating reputation-based ratings for uniform resource locators

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for generating reputation-based ratings for uniform resource locators

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links