Patent · US Active

Detecting attacks on web applications using server logs

US11223637B2 · kind B2 · utility

Cited by: 5
References: 1
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 7, 2018
Grant date: Jan 11, 2022
Priority date
Expiry date: Apr 5, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/168
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A previously-unknown type of attack on a web application can be detected dynamically using server logs. An alert can be raised for an application that returns a valid response to the potential attacker (e.g., when an http (hypertext transfer protocol) status code of 200 is returned to the requestor). Server logs can be analyzed to identify an external computer that uses the same attack methodology on multiple targets. The external computer may attempt to access the same Uniform Resource Identifier (URI) on various web sites. In many cases, the http status code that is returned is an error code. Characteristics such as but not limited to fast crawling and numerous error status codes being returned to a particular requestor can be used by a machine learning (ML) system to identify potentially malicious external computing devices and/or vulnerable URIs.
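The signals named in the abstract (one requestor hitting the same URI on several sites, mostly error responses, fast crawling, and an alert when a 200 comes back) can be sketched over multi-site server logs. This is an added example, not code from the patent: fixed thresholds stand in for the ML system, and the record layout, threshold values and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample records: (epoch_seconds, client_ip, site, uri, status).
# Addresses are from the RFC 5737 documentation ranges.
LOGS = [
    (1000, "203.0.113.9", "a.example", "/admin/setup.php", 404),
    (1001, "203.0.113.9", "b.example", "/admin/setup.php", 404),
    (1002, "203.0.113.9", "c.example", "/admin/setup.php", 200),
    (1003, "203.0.113.9", "d.example", "/admin/setup.php", 403),
    (1004, "203.0.113.9", "a.example", "/backup.zip", 404),
    (1000, "198.51.100.7", "a.example", "/index.html", 200),
    (1300, "198.51.100.7", "a.example", "/about.html", 200),
    (1900, "198.51.100.7", "a.example", "/missing.png", 404),
]

def suspicious_clients(logs, min_sites=3, min_error_ratio=0.5, min_rate=0.5):
    """Clients that request one URI on many sites, mostly get errors, and crawl fast.

    Thresholds are assumed values standing in for a trained classifier.
    """
    by_client = defaultdict(list)
    for rec in logs:
        by_client[rec[1]].append(rec)
    flagged = {}
    for client, recs in by_client.items():
        sites_per_uri = defaultdict(set)
        for _, _, site, uri, _ in recs:
            sites_per_uri[uri].add(site)
        repeated = {u for u, s in sites_per_uri.items() if len(s) >= min_sites}
        errors = sum(1 for r in recs if r[4] >= 400)
        span = max(r[0] for r in recs) - min(r[0] for r in recs)
        rate = len(recs) / max(span, 1)  # requests per second
        if repeated and errors / len(recs) >= min_error_ratio and rate >= min_rate:
            flagged[client] = repeated
    return flagged

def alerts(logs, **thresholds):
    """(site, uri, client) triples where a flagged client received HTTP 200."""
    flagged = suspicious_clients(logs, **thresholds)
    return sorted(
        (site, uri, client)
        for _, client, site, uri, status in logs
        if status == 200 and uri in flagged.get(client, ())
    )

if __name__ == "__main__":
    for site, uri, client in alerts(LOGS):
        print(f"ALERT {site}{uri} answered 200 to {client}")
```

The single alert is the site that answered 200 where its peers returned errors, which is the application worth reviewing first.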

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.