Patent · US Active

Bottom-up analysis of network sites

US8161130B2 · kind B2 · utility

Cited by: 28
References: 1
Claims: 16
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 10, 2009
Grant date: Apr 17, 2012
Priority date
Expiry date: Dec 13, 2029

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1483
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

An approach for identifying suspect network sites in a network environment entails using one or more malware analysis modules to identify distribution sites that host malicious content and/or benign content. The approach then uses a linking analysis module to identify landing sites that are linked to the distribution sites. These linked sites are identified as suspect sites for further analysis. This analysis can be characterized as “bottom up” because it is initiated by the detection of potentially problematic distribution sites. The approach can also perform linking analysis to identify a suspect network site based on a number of alternating paths between that network site and a set of distribution sites that are known to host malicious content. The approach can also train a classifier module to predict whether an unknown landing site is a malicious landing site or a benign landing site.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.