Patent · US Active

Detecting web exploit kits by tree-based structural similarity search

US9516051B1 · kind B1 · utility

4Cited by

9References

17Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Xin Hu · White Plains, US
Jiyong Jang · Ossining, US
Fabian Monrose · Chapel Hill, US
Marc Philippe Stoecklin · Bern, CH
Teryl Paul Taylor · Danbury, US
Ting Wang · White Plains, US

Key dates

Filing date	Jun 25, 2015
Grant date	Dec 6, 2016
Priority date	—
Expiry date	Jun 25, 2035

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/168
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A method of detecting exploit kits includes receiving, at an input port of a computer, indication of HTTP (Hypertext Transfer Protocol) traffic. The HTTP traffic is clustered into a web session tree according to a client IP (Internet Protocol. A client tree structure of the web session tree is generated. The client tree structure is compared with tree structures of exploit kit samples.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.