Patent · US Active

Identifying malicious queries

US8495742B2 · kind B2 · utility

Cited by: 26
References: 4
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 17, 2010
Grant date: Jul 23, 2013
Priority date
Expiry date: Oct 19, 2031

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/0227
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A framework identifies malicious queries contained in search logs to uncover relationships between the malicious queries and the potential attacks launched by attackers submitting the malicious queries. A small seed set of malicious queries may be used to identify an IP address in the search logs that submitted the malicious queries. The seed set may be expanded by examining all queries in the search logs submitted by the identified IP address. Regular expressions may be generated from the expanded set of queries and used for detecting yet new malicious queries. Upon identifying the malicious queries, the framework may be used to detect attacks on vulnerable websites, spamming attacks, and phishing attacks.
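The seed-expansion loop the abstract describes, as an added sketch that is not taken from the patent. The log records, the `generalize` rule (digit runs become `\d+`) and the `min_support` threshold are assumptions made for illustration; the abstract does not say how the regular expressions are generated.

```python
import re
from collections import Counter

# Constructed search-log records (ip, query); IPs are documentation ranges.
LOG = [
    ("192.0.2.10", "powered by ExampleBoard 1.2 inurl:view.php?id=17"),
    ("192.0.2.10", "powered by ExampleBoard 1.3 inurl:view.php?id=204"),
    ("192.0.2.10", "weather seattle"),
    ("198.51.100.7", "powered by ExampleBoard 2.0 inurl:view.php?id=9"),
    ("198.51.100.7", "cheap flights"),
    ("203.0.113.5", "exampleboard install guide"),
]
SEED = {"powered by ExampleBoard 1.2 inurl:view.php?id=17"}  # constructed seed set


def suspicious_ips(log, seed):
    """Step 1: IP addresses that submitted any seed query."""
    return {ip for ip, query in log if query in seed}


def expand(log, ips):
    """Step 2: every query submitted by an identified IP address."""
    return {query for ip, query in log if ip in ips}


def generalize(query):
    """Assumed rule: keep literal text, replace each digit run with \\d+."""
    parts = re.split(r"(\d+)", query)
    return "".join(r"\d+" if p.isdigit() else re.escape(p) for p in parts)


def build_patterns(queries, min_support=2):
    """Step 3: keep patterns backed by several expanded queries, which drops
    the ordinary searches a flagged address also made."""
    counts = Counter(generalize(q) for q in queries)
    return [re.compile(p) for p, n in counts.items() if n >= min_support]


def detect(log, seed):
    """Step 4: match the patterns against the whole log to find new queries."""
    ips = suspicious_ips(log, seed)
    expanded = expand(log, ips)
    patterns = build_patterns(expanded)
    hits = {(ip, q) for ip, q in log
            if q not in expanded and any(p.fullmatch(q) for p in patterns)}
    return ips, expanded, hits


if __name__ == "__main__":
    for ip, query in sorted(detect(LOG, SEED)[2]):
        print(ip, query)
```

The support threshold matters here: without it, "weather seattle" would become a pattern simply because a flagged address also searched for it.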

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.