专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2018085732A1 TECHNIQUES FOR DETECTING MALICIOUS BEHAVIOR USING AN ACCOMPLICE MODEL 审中-公开
标题翻译：一种利用随机模型检测恶意行为的技术
公开(公告)号：WO2018085732A1
公开(公告)日：2018-05-11
申请号：PCT/US2017/060061
申请日：2017-11-03
申请人： RISKIQ, INC.
发明人： HUNT, Adam , LINN, Joseph , GOODMAN, Nick , MANOUSOS, Elias , KIERNAN, Chris , PON, David , EDGEWORTH, Jonas
IPC分类号： H04L29/06 , H04L29/08
摘要： The present disclosure generally relates to web page analysis, and more particularly to detecting malicious behavior using an accomplice model. In certain embodiments, the accomplice model may determine that a URI is associated with malicious behavior based upon the URI being associated with an attribute determined to be related to malicious behavior. Examples of an attribute include a host system, a domain, or an element of a document used to render the web page. Examples of an element of a document used to render the web page may include an active/dynamic element (e.g., a function, a script, etc.) or an inactive/static element (e.g., a string, a number, a frame, a tracking username, a social networking username, etc.).
摘要翻译：本公开总体上涉及网页分析，并且更具体地涉及使用共犯模型来检测恶意行为。在某些实施例中，共犯模型可以基于URI与被确定为与恶意行为相关的属性相关联来确定URI与恶意行为相关联。属性的示例包括主机系统，域或用于呈现网页的文档的元素。用于呈现网页的文档的元素的示例可以包括活动/动态元素（例如，函数，脚本等）或不活动/静态元素（例如，字符串，数字，帧，跟踪用户名，社交网络用户名等）。

2. 发明申请

WO2018075695A1 HOST PAIR DETECTION 审中-公开
标题翻译：主机对检测
公开(公告)号：WO2018075695A1
公开(公告)日：2018-04-26
申请号：PCT/US2017/057271
申请日：2017-10-18
申请人： RISKIQ, INC.
发明人： HUNT, Adam , EDGEWORTH, Jonas , KIERNAN, Chris , MANOUSOS, Elias , PON, David
IPC分类号： G06F17/30
CPC分类号： H04L41/14 , G06F3/04842 , G06F16/951 , G06F16/9566 , G06F17/2247 , G06F17/272 , H04L63/1483
摘要： The present disclosure relates to identifying and storing relationships between hosts that are used to present a web page to a user. In certain embodiments, a system for detecting host pairs is provided. The system may receive a first request to identify one or more host pairs associated with a first host. In response to receiving the first request, the system may send a second request to the first host for a document. The document may be a web page file that is used to build a web page associated with the first host. The web page file may include instructions that, when parsed, build the web page. In response to the second request, the first host may send a response to the system. The system may then use the data included in the response to build the web page. While building the web page, a pairing may be stored when a different host is contacted.
摘要翻译：本公开涉及识别和存储用于向用户呈现网页的主机之间的关系。在某些实施例中，提供了一种用于检测主机对的系统。该系统可以接收识别与第一主机相关联的一个或多个主机对的第一请求。响应于接收到第一请求，系统可以向第一主机发送针对文档的第二请求。该文档可以是用于构建与第一主机相关联的网页的网页文件。该网页文件可以包括在解析时构建网页的指令。响应于第二请求，第一主机可以向系统发送响应。系统然后可以使用包含在响应中的数据来构建网页。在构建网页时，可以在联系不同主机时存储配对。

3. 发明申请

WO2017189727A1 TECHNIQUES FOR MONITORING VERSION NUMBERS OF WEB FRAMEWORKS 审中-公开
标题翻译：监测Web框架版本号的技巧
公开(公告)号：WO2017189727A1
公开(公告)日：2017-11-02
申请号：PCT/US2017/029643
申请日：2017-04-26
申请人： RISKIQ, INC.
发明人： HUNT, Adam , EDGEWORTH, Jonas , KIERNAN, Chris , PON, David , MANOUSOS, Elias
IPC分类号： G06F17/30 , G06F17/22
摘要： Techniques are disclosed for analyzing documents to detect web components and the web frameworks in the documents. In at least one embodiment, a network analysis system is provided to passively detect web frameworks of documents. The network analysis system can render a document using a document object model to identify objects in the document that are defined as web components. A hash function may be applied to each of the objects to generate a hash signature for the object. Files defining web frameworks can be downloaded from a repository system. Each file may corresponding to a web component. A hash function is applied content in each file to generate a hash signature. The hash signatures of each file may be compared to the hash signatures of the objects in the document to identify a web component for each object. A web framework can be identified based on the web components.
摘要翻译：公开了用于分析文档以检测文档中的web组件和web框架的技术。在至少一个实施例中，提供网络分析系统来被动地检测文档的web框架。网络分析系统可以使用文档对象模型来呈现文档以识别文档中定义为网页组件的对象。散列函数可以应用于每个对象以生成对象的散列签名。定义Web框架的文件可以从存储库系统下载。每个文件可能对应一个Web组件。散列函数应用于每个文件中的内容以生成散列签名。可以将每个文件的散列签名与文档中对象的散列签名进行比较，以识别每个对象的web组件。 Web框架可以基于Web组件来识别。

4. 发明申请

WO2017049042A1 IDENTIFYING PHISHING WEBSITES USING DOM CHARACTERISTICS 审中-公开
标题翻译：使用DOM特征识别固定网站
公开(公告)号：WO2017049042A1
公开(公告)日：2017-03-23
申请号：PCT/US2016/052069
申请日：2016-09-16
申请人： RISKIQ, INC.
发明人： HUNT, Adam , PON, David , KIERNAN, Chris , ADAMS, Ben , EDGEWORTH, Jonas , MANOUSOS, Elias
IPC分类号： H04L29/06
CPC分类号： H04L63/1483 , G06F2221/2119
摘要： Embodiments of the present disclosure are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.
摘要翻译：本公开的实施例旨在通过呈现和分析与网站相关联的文档对象模型（DOM）对象来指示网络钓鱼行为的特征来识别钓鱼网站。实施例通过在分析网站进行网络钓鱼活动之前执行嵌入在DOM对象中的功能来分析与网站相关的全部范围和功能。因此，实施例渲染和分析用于网络钓鱼行为的完全执行的DOM对象。然后，实施例可以执行步骤来调解被分类为执行网络钓鱼的网站。因此，实施例被配置为（1）从连接到因特网的各种网站和web服务器收集网站信息，（2）分析收集的数据以确定网站信息是否正在执行网络钓鱼，以及（3）调停网站和其他根据网络钓鱼分析的结果决定执行网络钓鱼的演员。

5. 发明申请

WO2018085499A1 TECHNIQUES FOR CLASSIFYING A WEB PAGE BASED UPON FUNCTIONS USED TO RENDER THE WEB PAGE 审中-公开
标题翻译：基于用于呈现网页的功能对网页进行分类的技术
公开(公告)号：WO2018085499A1
公开(公告)日：2018-05-11
申请号：PCT/US2017/059663
申请日：2017-11-02
申请人： RISKIQ, INC.
发明人： HUNT, Adam , LINN, Joseph , MANOUSOS, Elias , KIERNAN, Chris , PON, David , EDGEWORTH, Jonas , ALEXANDER, Steven
IPC分类号： G06F21/12 , G06F17/30 , G06F21/56 , H04L29/06
CPC分类号： H04L63/1483 , G06F16/951 , G06F16/958 , G06F17/2247 , G06F21/128 , G06F21/563 , G06K9/00442 , G06K9/6267
摘要： The present disclosure generally relates to web page analysis, and more particularly to a classification system for web pages. The classification system may classify a web page as malicious based upon one or more signatures generated for the web page. For example, the classification system may compare one or more signatures generated for a first web page to one or more signatures generated for a second web page, where the first web page and the second web page are the same web page at different times or different web pages. Based upon a similarity of the signatures, the classification system may output whether the first web page is malicious. For another example, the classification system may include a classification model that is trained based upon one or more signatures for one or more classified web pages. The classification model may output whether the web page is malicious.
摘要翻译：本公开总体上涉及网页分析，并且更具体地涉及用于网页的分类系统。分类系统可基于为网页生成的一个或多个签名将网页分类为恶意。例如，分类系统可将为第一网页生成的一个或多个签名与为第二网页生成的一个或多个签名进行比较，其中第一网页和第二网页在不同时间或不同时间是相同的网页网页。基于签名的相似性，分类系统可以输出第一网页是否是恶意的。又例如，分类系统可以包括基于一个或多个分类的网页的一个或多个签名来训练的分类模型。分类模型可以输出网页是否是恶意的。

6. 发明申请

WO2018035163A1 TECHNIQUES FOR DETERMINING THREAT INTELLIGENCE FOR NETWORK INFRASTRUCTURE ANALYSIS 审中-公开
标题翻译：确定威胁智能的网络基础设施分析技术
公开(公告)号：WO2018035163A1
公开(公告)日：2018-02-22
申请号：PCT/US2017/047017
申请日：2017-08-15
申请人： RISKIQ, INC.
发明人： HUNT, Adam , EDGEWORTH, Jonas , KIERNAN, Chris , MANOUSOS, Elias , PON, David
IPC分类号： G06F21/51 , G06F21/56 , H04L29/06 , G06F17/30
CPC分类号： H04L63/1483 , G06F21/51 , G06F21/562 , H04L41/22 , H04L43/14 , H04L63/08 , H04L63/1425
摘要： Embodiments of the present disclosure are directed to a network analytic system for tracking and analysis of network infrastructure for network-based digital assets. The network analytic system can detect and track a relationship between assets based on one or more attributes related or shared between any given assets. The network analytic system can analyze network-based digital assets to determine information about a website (e.g., information about electronic documents, such as web pages) that has be used to detect phishing and other abuse of the website. The network analytic system can analyze data about network-based assets to determine whether any are being used or connected to use of unauthorized or malicious activity or known network-based assets. Based on the relationship identified, the network analytic system can associate or link assets together. The network analytic system may provide an interface to view data sets generated by the network analytic system.
摘要翻译：本公开的实施例针对用于跟踪和分析用于基于网络的数字资产的网络基础设施的网络分析系统。网络分析系统可以基于与任何给定资产相关或共享的一个或多个属性来检测和跟踪资产之间的关系。网络分析系统可以分析基于网络的数字资产以确定关于网站的信息（例如，关于电子文档的信息，例如网页），其已经用于检测网站的网络钓鱼和其他滥用。网络分析系统可以分析有关基于网络的资产的数据，以确定是否有人使用或连接到使用未授权或恶意活动或已知的基于网络的资产。根据所确定的关系，网络分析系统可以将资产关联或链接在一起。网络分析系统可以提供一个界面来查看由网络分析系统生成的数据集。

7. 发明申请

WO2017049045A1 USING HASH SIGNATURES OF DOM OBJECTS TO IDENTIFY WEBSITE SIMILARITY 审中-公开
标题翻译：使用DOM对象的HASH签名来识别网站的相似性
公开(公告)号：WO2017049045A1
公开(公告)日：2017-03-23
申请号：PCT/US2016/052072
申请日：2016-09-16
申请人： RISKIQ, INC.
发明人： HUNT, Adam , PON, David , KIERNAN, Chris , ADAMS, Ben , EDGEWORTH, Jonas , MANOUSOS, Elias , LINN, Joseph
IPC分类号： G06F17/30 , H04L29/06
CPC分类号： H04L63/0876 , G06F17/30864 , G06F17/3089 , G06F21/128 , G06F2221/2119 , H04L9/3247 , H04L63/10 , H04L63/123 , H04L63/1416 , H04L63/1425 , H04L63/1483 , H04L2463/103
摘要： Embodiments are directed to using a hash signature of a rendered DOM object of a website to find similar content and behavior on other websites. Embodiments break a DOM into a large number of data portions (i.e., "shingles"), apply a hashing algorithm to the shingles, select a predetermined number of hashes from the hashed shingles according to a selection criteria to create a hash signature, and compare the hash signature to that of a reference page to determine similarity of website DOM object content. Embodiments can be used to identify phishing websites, defaced websites, spam websites, significant changes in the content of a webpage, copyright infringement, and any other suitable purposes related to the similarity between website DOM object content.
摘要翻译：实施例涉及使用网站的呈现的DOM对象的散列签名来在其他网站上找到类似的内容和行为。实施例将DOM分解成大量的数据部分（即，“带状”），对散列板应用散列算法，根据选择标准从散列带状混叠中选择预定数量的散列，以创建散列签名，并比较哈希签名到参考页面，以确定网站DOM对象内容的相似性。实施例可以用于识别网络钓鱼网站，被污染的网站，垃圾网站，网页内容的重大变化，侵犯版权以及与网站DOM对象内容之间的相似性有关的任何其他合适的目的。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式