US 12,341,811 B2
Detecting malicious behavior using an accomplice model
Adam Hunt, El Cerrito, CA (US); Joseph Linn, Emeryville, CA (US); Nick Goodman, San Mateo, CA (US); Elias Manousos, San Francisco, CA (US); Chris Kiernan, San Francisco, CA (US); David Pon, Sunnyvale, CA (US); and Jonas Edgeworth, San Francisco, CA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Sep. 27, 2021, as Appl. No. 17/486,731.
Application 17/486,731 is a continuation of application No. 16/709,898, filed on Dec. 10, 2019, granted, now 11,134,101.
Application 16/709,898 is a continuation of application No. 15/803,736, filed on Nov. 3, 2017, granted, now 10,505,981, issued on Dec. 10, 2019.
Claims priority of provisional application 62/417,228, filed on Nov. 3, 2016.
Prior Publication US 2022/0014552 A1, Jan. 13, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/2457 (2019.01); G06F 16/951 (2019.01); G06F 16/955 (2019.01); G06F 21/56 (2013.01); H04L 67/02 (2022.01); H04L 67/306 (2022.01)
CPC H04L 63/1483 (2013.01) [G06F 16/24578 (2019.01); G06F 16/951 (2019.01); G06F 16/955 (2019.01); H04L 63/0236 (2013.01); H04L 63/101 (2013.01); G06F 21/56 (2013.01); H04L 63/14 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/168 (2013.01); H04L 67/02 (2013.01); H04L 67/306 (2013.01)]
20 Claims
1. A method, comprising:
creating a uniform resource identifier (URI) list, which includes a plurality of URIs that are used to render a web page;
identifying an attribute associated with the web page;
identifying a number of web pages that are rendered and that cause a first URI associated with the attribute to be called without calling a second URI that is determined to be malicious;
calculating a score for the attribute based at least on the number of the web pages that are rendered and that cause the first URI associated with the attribute to be called without calling the second URI that is determined to be malicious;
classifying the attribute as malicious based at least on the score;
determining that an identified URI in the URI list is associated with the attribute; and
as a result of determining that the identified URI in the URI list is associated with the attribute, performing the following operations:
creating a blacklist incident for the identified URI; and
performing a security action with regard to the identified URI.
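The steps of claim 1 can be traced in a short Python sketch. This is an added illustration, not code from the patent or its assignee. It assumes the attribute is the host name of a called URI, that the score is the share of rendering pages that also called a known-malicious URI (one minus the clean share), and that 0.7 is the classification threshold; the claim fixes none of these. The crawl data and the incident record layout are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed crawl data: rendered page -> URIs called while rendering it.
CRAWLS = {
    "https://shop-a.example/": ["https://cdn.example/app.js",
                                "https://track.test/t.js",
                                "https://bad.test/kit.js"],
    "https://shop-b.example/": ["https://track.test/t.js", "https://bad.test/kit.js"],
    "https://shop-c.example/": ["https://track.test/p.js", "https://bad.test/kit.js"],
    "https://news.example/":   ["https://cdn.example/app.js", "https://track.test/t.js"],
    "https://blog.example/":   ["https://cdn.example/app.js"],
    "https://wiki.example/":   ["https://cdn.example/lib.js"],
}
KNOWN_MALICIOUS = {"https://bad.test/kit.js"}  # the "second URI" (constructed)

def attribute_of(uri):
    """Assumption: the attribute is the URI's host name."""
    return urlsplit(uri).hostname

def score_attributes(crawls, malicious):
    """Score each attribute from the pages that call it with and without a malicious URI."""
    clean, total = defaultdict(int), defaultdict(int)
    for uris in crawls.values():
        page_calls_malicious = any(u in malicious for u in uris)
        # Count each attribute once per page, skipping the malicious URI itself.
        for attr in {attribute_of(u) for u in uris if u not in malicious}:
            total[attr] += 1
            if not page_calls_malicious:
                clean[attr] += 1  # first URI called without the second URI
    # Assumed formula: a low clean share gives a high score.
    return {attr: 1 - clean[attr] / total[attr] for attr in total}

def classify(scores, threshold=0.7):
    """Attributes whose score reaches the (assumed) threshold are treated as malicious."""
    return {attr for attr, score in scores.items() if score >= threshold}

def review_uri_list(uri_list, malicious_attrs):
    """Create a blacklist incident and a security action for each matching URI."""
    return [{"uri": u, "attribute": attribute_of(u), "action": "block"}
            for u in uri_list if attribute_of(u) in malicious_attrs]

if __name__ == "__main__":
    flagged = classify(score_attributes(CRAWLS, KNOWN_MALICIOUS))
    new_page = ["https://cdn.example/app.js", "https://track.test/new.js"]
    print(review_uri_list(new_page, flagged))
```

Here `track.test` is flagged because only one of the four pages that call it renders without the malicious URI, so a previously unseen URI on that host produces an incident even though it is not itself on the known-malicious list.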