Pre-Grant Publication Number: 20070208822
Please help the USPTO examine the application by evaluating the relevance of the publicly submitted prior art to the patent application.
Peer-to-Patent forwards the Top 10 most relevant prior art submissions and their annotations to the United States Patent and Trademark Office.
Review this prior art and click on the thumbs up (or down) to indicate whether this submission should be forwarded to the USPTO.
If you login then you can add an annotation by typing in the box at the bottom of the screen to comment on the relevance of the prior art to the claims of the patent application.
Review this prior art and click on the thumbs up (or down) to indicate whether this submission should be forwarded to the USPTO.
If you login then you can add an annotation by typing in the box at the bottom of the screen to comment on the relevance of the prior art to the claims of the patent application.
Prior Art Detail
Summary / Description
| Summary / Description | Contains a study in which a browser was instrumented to detect drive-by-downloads. Identical to HoneyMonkey study. However, Moshchuck et al used the Firefox browser instead of Microsoft's Internet Explorer browser. |
Basic Information
| Type of Prior Art | Print Publication |
| Publication Title * | A Crawler-based Study of Spyware on the Web |
| Author | Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy |
| ISBN | |
| Page Range | |
| Medium | Other printed publication |
| Publication Date * | February 2006 |
| URL | http://www.cs.washington.edu/ho... |
Notes / To Do
| Notes | published at NDSS 2006 |
Excerpt
Excerpt Abstract: Malicious spyware poses a significant threat to desktop security and integrity. This paper examines that threat from an Internet perspective. Using a crawler, we performed a large-scale, longitudinal study of the Web, sampling both executables and conventional Web pages for malicious objects. Our results show the extent of spyware content. For example, in a May 2005 crawl of 18 million URLs, we found spyware in 13.4% of the 21,200 executables we identified. At the same time, we found scripted “drive-by download” attacks in 5.9% of the Web pages we processed. Our analysis quantifies the density of spyware, the types of of threats, and the most dangerous Web zones in which spyware is likely to be encountered. We also show the frequency with which specific spyware programs were found in the content we crawled. Finally, we measured changes in the density of spyware over time; e.g., our October 2005 crawl saw a substantial reduction in the presence of drive-by download attacks, compared with those we detected in May. |
Relevance
Claims
1
A system comprising:
a browser that is capable of visiting network locations as represented by uniform resource locators (URLs); and
a browser-based vulnerability exploit detector that directs the browser to visit a given URL by making an information request to the given URL; the browser-based vulnerability exploit detector adapted to detect if the given URL accomplishes an exploit on the system after the browser makes the information request to the given URL.
Relevance
Contains a study in which a browser was instrumented to detect drive-by-downloads. Identical to HoneyMonkey study. However, Moshchuck et al used the Firefox browser. It is used to make an information request to a given URL & Moshchuk's detection module is able to detect whether an exploit is launched by the server after this information request.
Contains a study in which a browser was instrumented to detect drive-by-downloads. Identical to HoneyMonkey study. However, Moshchuck et al used the Firefox browser. It is used to make an information request to a given URL & Moshchuk's detection module is able to detect whether an exploit is launched by the server after this information request.
Claim Chart
All
16
A method comprising:
requesting information from a targeted network location as represented by a uniform resource locator (URL);
receiving a response from the targeted URL;
tracing events that occur on a machine;
ascertaining if an illicit event occurred based on the traced events; and
determining that an exploit has been accomplished by the targeted URL if an illicit event is ascertained to have occurred.
Relevance
Moshchuk detection module works identical to Honeymonkey. It is a ble to detect unauthorized state changes that occur on the dedicated machine. This is the same mechanism used by Honeymonkey to determine whether a URL is malicious or not.
Moshchuk detection module works identical to Honeymonkey. It is a ble to detect unauthorized state changes that occur on the dedicated machine. This is the same mechanism used by Honeymonkey to determine whether a URL is malicious or not.
Claim Chart
All
