Dynamic categorization of network resources

US 9,444,765 B2
Filed: 10/12/2015
Issued: 09/13/2016
Est. Priority Date: 11/18/2014
Status: Active Grant

First Claim

Patent Images

1. A computing device for categorizing a plurality of network resources, the computing device interfaced with a computer network and including computing hardware of at least one processor, data storage, and input/output facilities, and an operating system implemented on the computing hardware, and instructions executable on the computing device comprising:

a subcategory assessment engine configured to obtain subcategory assignment data from one or more security components for one of the plurality of network resources and generate a subcategory assessment;

a content evaluator engine configured to evaluate content of the network resource and generate a preliminary content evaluation;

a category comparator engine configured to compare the subcategory assessment and the preliminary content evaluation against pre-defined category criteria and one or more criteria thresholds and output a set of one or more categories assigned to the network resource; and

a re-categorization controller engine operably coupled to the subcategory assessment engine, the content evaluator engine, and the category comparator engine and configured toreceive a list of categorization intervals, the list of categorization intervals including a category re-assignment interval for each network resource,check the passage of time against each category re-assignment interval, andupon the passage of time of the category re-assignment interval for each network resource, initiate a re-categorization by utilizing the subcategory assessment engine, the content evaluator engine, and the category comparator engine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for categorizing a plurality of network resources. Collected properties of a network resource are analyzed to determine applicability of various predefined categories to that network resource. At least one category from among the predefined categories is assigned to that network resource according to a determination of applicability of the at least one category to the network resource. A resource-specific time interval for re-categorizing each one of the network resources is dynamically adjusted based on a plurality of previous categorization results for that network resource, such that different network resources will be associated with correspondingly different re-categorization intervals.

49 Citations

20 Claims

1. A computing device for categorizing a plurality of network resources, the computing device interfaced with a computer network and including computing hardware of at least one processor, data storage, and input/output facilities, and an operating system implemented on the computing hardware, and instructions executable on the computing device comprising:
- a subcategory assessment engine configured to obtain subcategory assignment data from one or more security components for one of the plurality of network resources and generate a subcategory assessment;
  
  a content evaluator engine configured to evaluate content of the network resource and generate a preliminary content evaluation;
  
  a category comparator engine configured to compare the subcategory assessment and the preliminary content evaluation against pre-defined category criteria and one or more criteria thresholds and output a set of one or more categories assigned to the network resource; and
  
  a re-categorization controller engine operably coupled to the subcategory assessment engine, the content evaluator engine, and the category comparator engine and configured toreceive a list of categorization intervals, the list of categorization intervals including a category re-assignment interval for each network resource,check the passage of time against each category re-assignment interval, andupon the passage of time of the category re-assignment interval for each network resource, initiate a re-categorization by utilizing the subcategory assessment engine, the content evaluator engine, and the category comparator engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing device of claim 1, wherein each network resource comprises an individually-determined category re-assignment interval.
  - 3. The computing device of claim 1, further comprising instructions executable on the computing device to implement:
    - a category change probability calculation engine operably coupled to a category re-definition interval calculation engine, wherein the network resource category change probability calculation engine is configured to read categorization history for each network resource, and, based on the categorization history, to compute a probability of categorization change, and wherein the category redefinition interval calculation engine is configured to compute a new network resource-specific re-categorization interval based on the probability of categorization change.
  - 4. The computing device of claim 3, wherein the probability of a transition of categorization change from a first state to a second state is determined by the ratio of time in the second state to a total network resource operation monitoring time.
  - 5. The computing device of claim 1, further comprising instructions executable on the computing device to cause the computing device to implement a category normalization engine configured to evaluate the set of one or more categories and output a normalized result as desirable or undesirable.
  - 6. The computing device of claim 5, wherein the category normalization engine is configured to evaluate the set of one or more categories based on a list of desirable categories and a list of undesirable categories.
  - 7. The computing device of claim 1, wherein the content evaluator engine is configured to evaluate the content of the network resource by an AI engine or an evaluation of the content of the network resource against an evaluator rule set.
  - 8. The computing device of claim 1, wherein the computing device is operably coupled to a database configured to store the set of one or more categories assigned to the network resource.

9. A machine-implemented method for categorizing a plurality of network resources, the method comprising:
- assigning, by a network resource category assignment engine, a network resource category for one of the plurality of network resources;
  
  assigning, upon initial operation of the network resource category assignment engine, a minimum interval for a network resource category interval for the network resource category;
  
  determining if the network resource category assignment engine assigned a malicious category to the network resource, and if a malicious category is assigned, assigning the minimum interval for the network resource category interval;
  
  calculating a new network resource category interval based on a computed probability of change to an undesirable category; and
  
  assigning the new network resource category interval to the network resource category interval for a subsequent re-assignment of the network resource category.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The machine-implemented method for categorizing a plurality of network resources of claim 9, further comprising:
    - if no malicious category is assigned to the network resource, determining a content suitability of the network resource; and
      
      if the content suitability of the network resource is determined to be unsuitable, assigning a second minimum interval for the network resource category interval.
  - 11. The machine-implemented method for categorizing a plurality of network resources of claim 10, wherein the minimum interval and the second minimum interval are the same.
  - 12. The machine-implemented method for categorizing a plurality of network resources of claim 10, wherein the minimum interval and the second minimum interval are different.
  - 13. The machine-implemented method for categorizing a plurality of network resources of claim 10, wherein the undesirable category is based on at least one of content suitability or maliciousness.
  - 14. The machine-implemented method for categorizing a plurality of network resources of claim 9, wherein if the subsequent re-assignment of the network resource category does not change the category, the new network resource category interval is greater than a previous network resource category interval.
  - 15. The machine-implemented method for categorizing a plurality of network resources of claim 9, wherein if the subsequent re-assignment of the network resource category changes the category, the new network resource category interval is less than a previous network resource category interval.
  - 16. The machine-implemented method for categorizing a plurality of network resources of claim 9, wherein the computed probability of change to an undesirable category is based on a ratio of durations during which various categories have been assigned to the network resource.
  - 17. The machine-implemented method for categorizing a plurality of network resources of claim 9, wherein the new network resource category interval is bound by a maximum limit and a minimum limit.

18. An improved computer implementing a multithreaded operating system for categorizing a plurality of network resources, the multithreaded operating system including a scheduler configured to schedule at least one thread for execution of operating system processes, wherein the improvement comprises:
- assigning, with at least one thread, a category from a set of predefined categories to one of the plurality of network resources, the set of predefined categories including categories of varying degrees of maliciousness to the computer;
  
  assigning, with at least one thread, a resource-specific category reassignment interval to one of the plurality of network resources;
  
  dynamically adjusting, with at least one thread, the resource-specific category reassignment interval; and
  
  based on the resource-specific category reassignment interval, re-categorizing, with at least one thread, each of the plurality of network resources,wherein different network resources are associated with correspondingly different reassignment intervals.
- View Dependent Claims (19, 20)
- - 19. The improved computer of claim 18, wherein dynamically adjusting the resource-specific category reassignment interval comprises analyzing a history of previous categorization results for the network resource, and wherein a new category reassignment interval is assigned based on a probability of categorization change.
  - 20. The improved computer of claim 18, wherein the probability of categorization change is based on a ratio of durations during which various categories have been assigned to the network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Lab A.O. Kaspersky
Inventors
Kolotinsky, Evgeny B., Skvortsov, Vladimir A.
Primary Examiner(s)
Whipple, Brian P

Application Number

US14/880,874
Publication Number

US 20160142337A1
Time in Patent Office

337 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 43/12   Network monitoring probes

H04L 43/14   using software, i.e. softwa...

H04L 47/781   Centralised allocation of r...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

Dynamic categorization of network resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic categorization of network resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links