摘要 |
A method and apparatus for detecting cyber threats using reinforced cookies, which include HTTP cookies, history cookies, cache cookies and/or other types. A history cookie comprises an entry for a particular web page in a browser's navigation history. A cache cookie comprises an entry for a particular object (e.g., an image file) within a browser's cache. Upon a client's first visit to a web server, an identifier record is generated comprising data such as a user ID, a client device ID, an age (e.g., a counter), a cookie type, an authentication field, etc. From the unique identifier, one or more types of reinforced cookies are generated and stored with the client browser. On a subsequent visit, the client's cookie configuration is examined to determine whether the client may be the perpetrator or victim of a cyber attack. Cookies may be updated or replaced on some or all visits.
|