公开(公告)号：US11979432B2

公开(公告)日：2024-05-07

申请号：US17353641

申请日：2021-06-21

Applicant: Microsoft Technology Licensing, LLC

Inventor： Adam Hunt ,  Jonas Edgeworth ,  Chris Kiernan ,  Elias Manousos ,  David Pon

IPC: H04L9/40 ,  G06F21/51 ,  G06F21/56 ,  H04L41/22 ,  H04L43/00

CPC classification number: H04L63/1483 ,  G06F21/51 ,  G06F21/562 ,  H04L41/22 ,  H04L63/08 ,  H04L63/1425 ,  H04L43/14

Abstract: Embodiments of the present disclosure are directed to a network analytic system for tracking and analysis of network infrastructure for network-based digital assets. The network analytic system can detect and track a relationship between assets based on one or more attributes related or shared between any given assets. The network analytic system can analyze network-based digital assets to determine information about a website (e.g., information about electronic documents, such as web pages) that has be used to detect phishing and other abuse of the website. The network analytic system can analyze data about network-based assets to determine whether any are being used or connected to use of unauthorized or malicious activity or known network-based assets. Based on the relationship identified, the network analytic system can associate or link assets together. The network analytic system may provide an interface to view data sets generated by the network analytic system.

公开(公告)号：US11489860B2

公开(公告)日：2022-11-01

申请号：US16590259

申请日：2019-10-01

Applicant: Microsoft Technology Licensing, LLC

Inventor： Adam Hunt

IPC: H04L9/40

Abstract: Similar assets across a digital attack surface are identified. Extracting detail information and related edge information enables a network analysis system to provide indexed assets. A user of a network analysis system may provide additional data sources to enhance indexed assets. New data sources are processed in bulk to update existing assets. Edge information is pre-computed to provide on-demand access to a global inventory of mapped domain infrastructure assets.

公开(公告)号：US20220070194A1

公开(公告)日：2022-03-03

申请号：US17115042

申请日：2020-12-08

Applicant: Microsoft Technology Licensing, LLC

Inventor： Steven Alexander Daniel Pon ,  Adam Hunt ,  Jonas Edgeworth ,  Chris Kiernan ,  Elias Manousos ,  David Pon ,  Jonathan Matkowsky

IPC: H04L29/06 ,  G06F16/25

Abstract: An inventory of Internet-facing assets related to a username within a social media site is generated using network data gathered from network data sources. Using data sources of known threats, such as malware, phishing attempts, scam pages, blacklisted sites, and so on, a network analytic system generates analytical information about components that are owned, managed, and/or controlled by a target entity. A measure of identity threat is generated based on a classification model using the analytical information.

公开(公告)号：US11601460B1

公开(公告)日：2023-03-07

申请号：US16524133

申请日：2019-07-28

Applicant: Microsoft Technology Licensing, LLC

Inventor： Adam Hunt

IPC: H04L9/40 ,  G06F40/14 ,  G06F9/54

Abstract: Website assets are optimized for vulnerability scanning using node centrality techniques. A digital footprint of network nodes associated with a domain is determined. A similarity metric is defined using a weighted linear combination of features of a node. After determining a similarity metric for pairs of related nodes in the digital footprint of a domain, a set of centroids is determined. The reduced set of centroids is acted upon for vulnerability scanning.

公开(公告)号：US11361149B2

公开(公告)日：2022-06-14

申请号：US17131620

申请日：2020-12-22

Applicant: Microsoft Technology Licensing, LLC

Inventor： Adam Hunt ,  Jonas Edgeworth ,  Chris Kiernan ,  David Pon ,  Elias Manousos

IPC: G06F40/143 ,  G06F16/958 ,  G06F40/205 ,  G06F40/14 ,  H04L9/32 ,  G06F40/197

Abstract: Techniques are disclosed for analyzing documents to detect web components and the web frameworks in the documents. In at least one embodiment, a network analysis system is provided to passively detect web frameworks of documents. The network analysis system can render a document using a document object model to identify objects in the document that are defined as web components. A hash function may be applied to each of the objects to generate a hash signature for the object. Files defining web frameworks can be downloaded from a repository system. Each file may corresponding to a web component. A hash function is applied content in each file to generate a hash signature. The hash signatures of each file may be compared to the hash signatures of the objects in the document to identify a web component for each object. A web framework can be identified based on the web components.

公开(公告)号：US11210453B2

公开(公告)日：2021-12-28

申请号：US15787654

申请日：2017-10-18

Applicant: Microsoft Technology Licensing, LLC

Inventor： Adam Hunt ,  Jonas Edgeworth ,  Chris Kiernan ,  Elias Manousos ,  David Pon

IPC: G06F40/143 ,  H04L12/24 ,  G06F16/955 ,  G06F16/951 ,  G06F40/221 ,  H04L29/06 ,  G06F3/0484

Abstract: The present disclosure relates to identifying and storing relationships between hosts that are used to present a web page to a user. In certain embodiments, a system for detecting host pairs is provided. The system may receive a first request to identify one or more host pairs associated with a first host. In response to receiving the first request, the system may send a second request to the first host for a document. The document may be a web page file that is used to build a web page associated with the first host. The web page file may include instructions that, when parsed, build the web page. In response to the second request, the first host may send a response to the system. The system may then use the data included in the response to build the web page. While building the web page, a pairing may be stored when a different host is contacted.

公开(公告)号：US11580294B2

公开(公告)日：2023-02-14

申请号：US17838241

申请日：2022-06-12

Applicant: Microsoft Technology Licensing, LLC

Inventor： Adam Hunt ,  Jonas Edgeworth ,  Chris Kiernan ,  David Pon ,  Elias Manousos

IPC: G06F40/143 ,  G06F16/958 ,  G06F40/205 ,  G06F40/14 ,  H04L9/32 ,  G06F40/197

Abstract: Techniques are disclosed for analyzing documents to detect web components and the web frameworks in the documents. In at least one embodiment, a network analysis system is provided to passively detect web frameworks of documents. The network analysis system can render a document using a document object model to identify objects in the document that are defined as web components. A hash function may be applied to each of the objects to generate a hash signature for the object. Files defining web frameworks can be downloaded from a repository system. Each file may corresponding to a web component. A hash function is applied content in each file to generate a hash signature. The hash signatures of each file may be compared to the hash signatures of the objects in the document to identify a web component for each object. A web framework can be identified based on the web components.

公开(公告)号：US11765197B2

公开(公告)日：2023-09-19

申请号：US17380801

申请日：2021-07-20

Applicant: Microsoft Technology Licensing, LLC

Inventor： Chris Kiernan ,  Elias Manousos ,  Brandon Dixon ,  Andrew Kant ,  Jonas Edgeworth ,  Sunder Srinivasan ,  Brian Zak ,  Adam Hunt ,  Beckie Neumann ,  Jonathan Matkowsky

IPC: H04L29/06 ,  H04L9/40 ,  G06F3/04842

CPC classification number: H04L63/1433 ,  H04L63/20 ,  G06F3/04842

Abstract: An inventory of Internet-facing assets related to a target domain is generated using network data gathered from network data sources. Using data sources of known threats, such as malware, phishing attempts, scam pages, blacklisted sites, and so on, a network analytic system generates analytical information about domains, sub-domains, and components that are owned, managed, and/or controlled by a target entity. A confidence score of ownership is generated based on a recursive rule engine. A visual representation of the inventory of Internet-facing assets is generated in a graphical user interface.

公开(公告)号：US11503070B2

公开(公告)日：2022-11-15

申请号：US15801247

申请日：2017-11-01

Applicant: Microsoft Technology Licensing, LLC

Inventor： Adam Hunt ,  Joseph Linn ,  Elias Manousos ,  Chris Kiernan ,  David Pon ,  Jonas Edgeworth ,  Steven Alexander Daniel Pon

IPC: H04L9/40 ,  G06F16/958 ,  G06F21/56 ,  G06F21/12 ,  G06F16/951 ,  G06F40/143 ,  G06V30/40 ,  G06K9/62

Abstract: The present disclosure generally relates to web page analysis, and more particularly to a classification system for web pages. The classification system may classify a web page as malicious based upon one or more signatures generated for the web page. For example, the classification system may compare one or more signatures generated for a first web page to one or more signatures generated for a second web page, where the first web page and the second web page are the same web page at different times or different web pages. Based upon a similarity of the signatures, the classification system may output whether the first web page is malicious. For another example, the classification system may include a classification model that is trained based upon one or more signatures for one or more classified web pages. The classification model may output whether the web page is malicious.

公开(公告)号：US11343269B2

公开(公告)日：2022-05-24

申请号：US17115042

申请日：2020-12-08

Applicant: Microsoft Technology Licensing, LLC

Inventor： Steven Alexander Daniel Pon ,  Adam Hunt ,  Jonas Edgeworth ,  Chris Kiernan ,  Elias Manousos ,  David Pon ,  Jonathan Matkowsky

IPC: G06F16/25 ,  H04L9/40 ,  H04L29/06

Abstract: An inventory of Internet-facing assets related to a username within a social media site is generated using network data gathered from network data sources. Using data sources of known threats, such as malware, phishing attempts, scam pages, blacklisted sites, and so on, a network analytic system generates analytical information about components that are owned, managed, and/or controlled by a target entity. A measure of identity threat is generated based on a classification model using the analytical information.