DETECTING COMPUTER SECURITY THREATS IN ELECTRONIC DOCUMENTS BASED ON STRUCTURE

摘要

In an embodiment, a data processing method providing an improvement in computer security comprises selecting, from a queue identifying a plurality of web pages, a particular web page to retrieve from one of a plurality of internet sources; causing retrieving a copy of the particular web page from a particular internet source; determining a hierarchical structure of the particular web page; based upon a hierarchical structure of the particular web page and without consideration of content of the particular web page, identifying one or more features, of links in the particular web page or files referenced in the particular web page, that indicate one or more security threats; determining a reputation score for the particular web page; determining a specified remediation measure, based upon the reputation score, to remediate a security threat that is identified in the particular web page; providing the specified remediation measure to one or more of a compromised computer, a sensor computer and an enterprise computer.

主权项

1. A data processing method providing an improvement in computer security, comprising:
using a programmed computer, selecting, from a queue identifying a plurality of web pages, a particular web page to retrieve from one of a plurality of internet sources; using the programmed computer, causing retrieving a copy of a particular web page from a particular internet source via one or more data networks, from among a plurality of web pages that are associated with a plurality of internet sources, and storing the copy in electronic digital memory of the programmed computer; using the programmed computer, determining a hierarchical tree structure of the particular web page; using the programmed computer, based upon a hierarchical tree structure of the particular web page and without consideration of content of the particular web page, identifying one or more features, of links in the particular web page or files referenced in the particular web page, that indicate one or more security threats; using the programmed computer, determining a reputation score for the particular web page, and based upon the reputation score, determining a specified remediation measure to remediate a security threat that is identified in the particular web page via one or more of a compromised computer, a sensor computer and an enterprise computer.