Detecting web exploit kits by tree-based structural similarity search

Invention Grant

US09723016B2 Detecting web exploit kits by tree-based structural similarity search 有权

Please log in to see more content

Patent Title: Detecting web exploit kits by tree-based structural similarity search
Application No.: US14712210

Application Date: 2015-05-14
Publication No.: US09723016B2

Publication Date: 2017-08-01
Inventor: Xin Hu , Jiyong Jang , Fabian Monrose , Marc Philippe Stoecklin , Teryl Taylor , Ting Wang
Applicant: International Business Machines Corporation
Applicant Address: US NY Armonk
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Current Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Current Assignee Address: US NY Armonk
Agency: McGinn IP Law Group, PLLC
Agent Jeff LaBaw, Esq.
Main IPC: H04L29/06
IPC: H04L29/06 ; G06F17/30 ; H04L29/08

Detecting web exploit kits by tree-based structural similarity search

Abstract:

A method of detecting exploit kits includes receiving, at an input port of a computer, indication of HTTP (Hypertext Transfer Protocol) traffic. The HTTP traffic is clustered into a web session tree according to a client IP (Internet Protocol. A client tree structure of the web session tree is generated. The client tree structure is compared with tree structures of exploit kit samples.

Public/Granted literature

US20160337387A1 DETECTING WEB EXPLOIT KITS BY TREE-BASED STRUCTURAL SIMILARITY SEARCH Public/Granted day:2016-11-17

Information query

Espacenet