IDENTIFYING MALWARE-SUSPECT END POINTS THROUGH ENTROPY CHANGES IN CONSOLIDATED LOGS
Abstract
Detecting a malware attack includes monitoring an event log of a first device, where the event log records events indicating that the first device is likely compromised; determining an expected rate of log entries during a time window; identifying that the actual rate of log entries during that time window satisfies a threshold; determining, in response to that identification, that the first device is a compromised device; and performing an action in response to that determination.