Systems and methods for enforcing policies in the discovery of anonymizing proxy communications

US 9,734,125 B2
Filed: 02/11/2009
Issued: 08/15/2017
Est. Priority Date: 02/11/2009
Status: Active Grant

First Claim

Patent Images

1. A computer program product for enforcing policies with respect to anonymizer proxy communications, the computer program product comprising computer-executable code embodied in a non-transitory computer readable medium that, when executing on one or more computers, performs the steps of:

analyzing, at a web gateway for an enterprise network, website HTML content that is retrieved based on a website request from a computing facility within the enterprise network by looking for patterns within the website HTML content that are similar to patterns found in a known non-proxy website'"'"'s HTML content through inspecting website page structure and the website HTML content delivered;

in response to finding a similar pattern between the requested website and the known non-proxy website, comparing the requested website'"'"'s identifier with an identifier of the known non-proxy website;

in response to finding a mismatch between the two website identifiers, categorizing at least a portion of the requested website'"'"'s identifier as associated with an anonymizer proxy used to indirectly access network content outside the enterprise network while obscuring a sender or receiver of information, wherein categorizing at least a portion of the requested website'"'"'s identifier as a suspect proxy website identifier involves determining a longest common portion of URLs requested of the requested website and categorizing the longest common portion as indicative of a proxy website; and

blocking access by the computing facility to content at the requested website'"'"'s identifier according to the policy for anonymizer proxy communications.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In embodiments of the present invention improved capabilities are described for systems and methods that enforce policies with respect to proxy communications.

Citations

18 Claims

1. A computer program product for enforcing policies with respect to anonymizer proxy communications, the computer program product comprising computer-executable code embodied in a non-transitory computer readable medium that, when executing on one or more computers, performs the steps of:
- analyzing, at a web gateway for an enterprise network, website HTML content that is retrieved based on a website request from a computing facility within the enterprise network by looking for patterns within the website HTML content that are similar to patterns found in a known non-proxy website'"'"'s HTML content through inspecting website page structure and the website HTML content delivered;
  
  in response to finding a similar pattern between the requested website and the known non-proxy website, comparing the requested website'"'"'s identifier with an identifier of the known non-proxy website;
  
  in response to finding a mismatch between the two website identifiers, categorizing at least a portion of the requested website'"'"'s identifier as associated with an anonymizer proxy used to indirectly access network content outside the enterprise network while obscuring a sender or receiver of information, wherein categorizing at least a portion of the requested website'"'"'s identifier as a suspect proxy website identifier involves determining a longest common portion of URLs requested of the requested website and categorizing the longest common portion as indicative of a proxy website; and
  
  blocking access by the computing facility to content at the requested website'"'"'s identifier according to the policy for anonymizer proxy communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The computer program product of claim 1, wherein the known non-proxy web site is one of a plurality of known non-proxy web sites that have been predetermined as known non-proxy web sites.
  - 3. The computer program product of claim 2, wherein signature content from the plurality of known non-proxy websites is stored in a database and the analysis involves retrieving the signature content and comparing the signature content to content derived from the retrieved website.
  - 4. The computer program product of claim 3, wherein the signature content is prioritized based on the non-proxy websites popularity such that more popular signature content is used in the analysis before less popular content.
  - 5. The computer program product of claim 1, wherein the step of analyzing the website HTML content that is retrieved based on the website request further comprises:
    - analyzing a plurality of content, retrieved based on a plurality of requests made by the requested website, for a significant number of content portions that include patterns matching the known non-proxy website.
  - 6. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy website'"'"'s HTML content involves comparing text associated with the two websites for similarities.
  - 7. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy web site'"'"'s HTML content involves comparing copyright messages associated with the two websites for similarities.
  - 8. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy website'"'"'s HTML content involves comparing comments within HTML associated with the two websites for similarities.
  - 9. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy website'"'"'s HTML content involves comparing class names associated with the two websites for similarities.
  - 10. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy web site'"'"'s HTML content involves comparing script components associated with the two websites for similarities.
  - 11. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy website'"'"'s HTML content involves comparing images associated with the two websites for similarities.
  - 12. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy website'"'"'s HTML content involves comparing links associated with the two websites for similarities.
  - 13. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy website'"'"'s HTML content involves comparing style elements associated with the two websites for similarities.
  - 14. The computer program product of claim 1, wherein the step of looking for patterns within the website HTML content that are similar to patterns found in the known non-proxy website'"'"'s HTML content involves comparing client side executable content associated with the two websites for similarities.
  - 15. The computer program product of claim 1, wherein the patterns are characterized as checksums.
  - 16. The computer program product of claim 1 wherein the requested website'"'"'s identifier includes a Uniform Resource Locator.

17. A method for enforcing policies with respect to anonymizer proxy communications, the method comprising:
- analyzing, at a web gateway for an enterprise network, website HTML content that is retrieved based on a website request from a computing facility within the enterprise network by looking for patterns within the website HTML content that are similar to patterns found in a known non-proxy website'"'"'s HTML content through inspecting website page structure and the website HTML content delivered;
  
  in response to finding a similar pattern between the requested website and the known non-proxy website, comparing the requested website'"'"'s identifier with an identifier of the known non-proxy website;
  
  in response to finding a mismatch between the two website identifiers, categorizing at least a portion of the requested website'"'"'s identifier as associated with an anonymizer proxy used to indirectly access network content outside the enterprise network while obscuring a sender or receiver of information, wherein categorizing at least a portion of the requested website'"'"'s identifier as a suspect website identifier involves determining a longest common portion of URLs requested of the requested website and categorizing the longest common portion as indicative of a proxy website; and
  
  blocking access by the computing facility to content at the requested website'"'"'s identifier according to the policy for anonymizer proxy communications.
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein the known non-proxy website is one of a plurality of known non-proxy web sites that have been predetermined as known non-proxy web sites.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Baldry, Richard, Thomas, Ross G.
Primary Examiner(s)
Dollinger, Tonia L
Assistant Examiner(s)
Belani, Kishin G

Application Number

US12/369,223
Publication Number

US 20100205291A1
Time in Patent Office

3,107 Days
Field of Search

709229
US Class Current
CPC Class Codes

G06F 15/173   using an interconnection ne...

G06F 16/958   Organisation or management ...

H04L 41/0893   Assignment of logical group...

Systems and methods for enforcing policies in the discovery of anonymizing proxy communications

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for enforcing policies in the discovery of anonymizing proxy communications

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links