Malicious advertisement detection and remediation
First Claim
Patent Images
1. A system for detecting malicious advertising content, comprising:
- a computer hardware processor;
a memory, accessible to the computer hardware processor, storing a network trace table and a module,wherein the network trace table is configured to store information from scanning advertisements;
wherein the module executes on the computer hardware processor and is configured to;
receive access to an advertisement in an ad network;
scan the advertisement to obtain scan information;
store the scan information in the network trace table;
determine, by the hardware processor using information stored in the network trace table, that the advertisement is a malicious advertisement;
in response to determining that the advertisement is a malicious advertisement;
locate other instances of the advertisement within other ad networks using the information stored in the network trace table;
cause the advertisement to cease being served in at least one of the other the ad networks;
update a historical rate of compromise for the ad network;
refine a threshold using the updated historical rate of compromise to obtain a refined threshold; and
modify the scan frequency of advertisements in the ad network based on the refined threshold.
4 Assignments
0 Petitions
Accused Products
Abstract
Detecting a malicious advertisement is disclosed. An advertisement is analyzed. A determination that the advertisement is associated with malicious activity is made. An indication that the advertisement is malicious is provided as output. The indication can be provided as a report, such as to a publisher and can also be provided using an API, such as to the entity responsible for serving the advertisement.
63 Citations
20 Claims
-
1. A system for detecting malicious advertising content, comprising:
-
a computer hardware processor; a memory, accessible to the computer hardware processor, storing a network trace table and a module, wherein the network trace table is configured to store information from scanning advertisements; wherein the module executes on the computer hardware processor and is configured to; receive access to an advertisement in an ad network; scan the advertisement to obtain scan information; store the scan information in the network trace table; determine, by the hardware processor using information stored in the network trace table, that the advertisement is a malicious advertisement; in response to determining that the advertisement is a malicious advertisement; locate other instances of the advertisement within other ad networks using the information stored in the network trace table; cause the advertisement to cease being served in at least one of the other the ad networks; update a historical rate of compromise for the ad network; refine a threshold using the updated historical rate of compromise to obtain a refined threshold; and modify the scan frequency of advertisements in the ad network based on the refined threshold. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for detecting malicious advertising content, comprising:
-
receiving access to an advertisement in an ad network; scanning the advertisement to obtain scan information; storing the scan information in the network trace table; determining, by a hardware processor using information stored in the network trace table, that the advertisement is a malicious advertisement; in response to determining that the advertisement is a malicious advertisement; locating other instances of the advertisement within other ad networks using the information stored in the network trace table; causing the advertisement to cease being served in at least one of the other the ad networks; updating a historical rate of compromise for the ad network; refining a threshold using the updated historical rate of compromise to obtain a refined threshold; and modifying the scan frequency of advertisements in the ad network based on the refined threshold. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer readable medium comprising computer readable program code, which when executed by a computer processor, enables the computer processor to:
-
receive access to an advertisement in an ad network; scan the advertisement to obtain scan information; store the scan information in the network trace table; determine, using information stored in the network trace table, that the advertisement is a malicious advertisement; in response to determining that the advertisement is a malicious advertisement; locate other instances of the advertisement within other ad networks using the information stored in the network trace table; cause the advertisement to cease being served in at least one of the other the ad networks; update a historical rate of compromise for the ad network; refine a threshold using the updated historical rate of compromise to obtain a refined threshold; and modify the scan frequency of advertisements in the ad network based on the refined threshold. - View Dependent Claims (20)
-
Specification