Identifying malware-suspect end points through entropy changes in consolidated logs
Abstract
Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.