LEARNING INDICATORS OF COMPROMISE WITH HIERARCHICAL MODELS
Abstract
Presented herein are techniques for classifying devices as being infected with malware based on learned indicators of compromise. A method includes: receiving, at a security analysis device, traffic flows from a plurality of entities destined for a plurality of users; aggregating the traffic flows into discrete bags of traffic, wherein the bags of traffic comprise a plurality of flows of traffic for a given user over a predetermined period of time; extracting features from the bags of traffic and aggregating the features into per-flow feature vectors; aggregating the per-flow feature vectors into per-destination-domain aggregated vectors; combining the per-destination-domain aggregated vectors into a per-user aggregated vector; and classifying a computing device used by a given user as infected with malware when indicators of compromise detected in the bags of traffic indicate that the per-user aggregated vector for the given user includes suspicious features among the extracted features.
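The flow, destination-domain and user levels of aggregation described in the abstract can be sketched as follows. This is an added example, not code from the patent: the three features, the 300-second window, the mean (per domain) and max (per user) aggregation functions, and the fixed weights standing in for a learned classifier are all assumptions, and the flows are constructed.

```python
from collections import defaultdict

WINDOW = 300  # seconds per bag (assumed value for the "predetermined period")

def flow_features(flow):
    """Per-flow feature vector; these three features are assumed for illustration."""
    path = flow["path"]
    digits = sum(c.isdigit() for c in path)
    return [
        float(len(path)),                              # URL path length
        digits / len(path) if path else 0.0,           # share of digits in the path
        flow["up"] / (flow["up"] + flow["down"] + 1),  # upload ratio
    ]

def make_bags(flows):
    """Group flows into bags keyed by (user, time window)."""
    bags = defaultdict(list)
    for f in flows:
        bags[(f["user"], f["ts"] // WINDOW)].append(f)
    return bags

def pool(vectors, fn):  # element-wise aggregation of equal-length vectors
    return [fn(col) for col in zip(*vectors)]

def user_vector(bag):
    """flows -> per-domain vectors (mean) -> per-user vector (max over domains)."""
    by_domain = defaultdict(list)
    for f in bag:
        by_domain[f["domain"]].append(flow_features(f))
    domain_vecs = [pool(v, lambda c: sum(c) / len(c)) for v in by_domain.values()]
    return pool(domain_vecs, max)

# Constructed weights and threshold standing in for a trained classifier.
WEIGHTS, THRESHOLD = [0.01, 1.0, 1.0], 1.5
def classify(flows):
    """Return {(user, window): True if the per-user vector scores as suspicious}."""
    return {
        key: sum(w * x for w, x in zip(WEIGHTS, user_vector(bag))) > THRESHOLD
        for key, bag in make_bags(flows).items()
    }

# Constructed sample flows (not real traffic).
FLOWS = [
    {"user": "alice", "ts": 10, "domain": "news.example", "path": "/world/article", "up": 400, "down": 90000},
    {"user": "alice", "ts": 40, "domain": "cdn.example", "path": "/img/logo.png", "up": 300, "down": 20000},
    {"user": "bob", "ts": 15, "domain": "news.example", "path": "/sports", "up": 350, "down": 80000},
    {"user": "bob", "ts": 60, "domain": "x7.example", "path": "/9481730284/7730019283/55120", "up": 52000, "down": 200},
    {"user": "bob", "ts": 90, "domain": "x7.example", "path": "/1048273645/9920173645/10384", "up": 48000, "down": 180},
]
```

With max pooling at the user level, one suspicious destination domain is enough to mark the bag even when the same user also has benign flows in the window.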