IDENTIFYING MALICIOUS WEB INFRASTRUCTURES
Abstract
Identifying malicious servers is provided. Malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains are determined based on determined graph-based features within a bipartite graph corresponding to invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains. Malicious server vertices are identified in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains. Access by client devices is blocked to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.
20 Claims
1-10. (canceled)
11. A computer system for identifying malicious servers, the computer system comprising:
a bus system;
a storage device connected to the bus system, wherein the storage device stores program instructions; and
a processor connected to the bus system, wherein the processor executes the program instructions to:
determine malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains based on determined graph-based features within a bipartite graph corresponding to visible and invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains;
identify malicious server vertices in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains; and
block access by client devices to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.
12. A computer program product for identifying malicious servers, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising:
determining, by the computer, malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains based on determined graph-based features within a bipartite graph corresponding to visible and invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains;
identifying, by the computer, malicious server vertices in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains; and
blocking, by the computer, access by client devices to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification