
Graph-based method to detect malware command-and-control infrastructure


Abstract

Potentially infected internal device(s) and potential malware command and control device(s) are identified by generating a bipartite graph that includes internal device(s) inside a network and destination(s) outside the network which communicate over a period of time. The bipartite graph is reduced to obtain a reduced bipartite graph, including by eliminating those connections that include a whitelisted internal device and those connections that include a whitelisted destination. From the reduced graph, a cluster of potentially infected internal device(s) and potential malware command and control device(s) are identified based at least in part on (1) the cluster's degree of isolation from other clusters and (2) an isolation threshold.
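The abstract describes three steps: build a bipartite graph of internal devices and external destinations seen communicating over a window, drop every connection that touches a whitelisted internal device or a whitelisted destination, then flag clusters of the reduced graph that are isolated beyond a threshold. The following Python is an added illustration of that pipeline and is not code from the patent or from EMC. The flow records, whitelists and threshold are constructed for the example, and because the abstract does not define how the "degree of isolation" is computed, the measure used here (the share of a cluster's internal hosts' total flows, counted on the unreduced graph, that stay inside the cluster) is an assumption, not the patented formula.

```python
from collections import defaultdict

# Constructed sample flow records (internal_device, external_destination);
# made-up values for the example, not data from the patent.
FLOWS = [
    ("10.0.0.5", "update.example-vendor.test"),
    ("10.0.0.5", "cdn.example-vendor.test"),
    ("10.0.0.6", "update.example-vendor.test"),
    ("10.0.0.7", "update.example-vendor.test"),
    ("10.0.0.7", "cdn.example-vendor.test"),
    ("10.0.0.7", "198.51.100.23"),      # rare destination shared by a few hosts
    ("10.0.0.8", "198.51.100.23"),
    ("10.0.0.8", "198.51.100.24"),
    ("10.0.0.9", "198.51.100.24"),
    ("10.0.0.9", "update.example-vendor.test"),
    ("10.0.0.20", "203.0.113.9"),       # two hosts that talk only to one destination
    ("10.0.0.21", "203.0.113.9"),
    ("10.0.0.30", "proxy.corp.test"),   # whitelisted internal device (e.g. a proxy)
]
# Constructed whitelists: known-good internal devices and popular/benign destinations.
WHITELISTED_INTERNAL = {"10.0.0.30"}
WHITELISTED_DESTINATIONS = {"update.example-vendor.test", "cdn.example-vendor.test"}
ISOLATION_THRESHOLD = 0.9  # constructed value; tune per network


def reduce_graph(flows, wl_internal, wl_dest):
    """Step 2 of the abstract: drop edges that include a whitelisted internal
    device or a whitelisted destination."""
    return [(s, d) for s, d in flows if s not in wl_internal and d not in wl_dest]


def connected_components(flows):
    """Clusters of the (reduced) bipartite graph as connected components.
    Nodes are tagged with their side so an IP used on both sides cannot collide."""
    adj = defaultdict(set)
    for s, d in flows:
        adj[("int", s)].add(("dst", d))
        adj[("dst", d)].add(("int", s))
    seen, comps = set(), []
    for start in adj:
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:                      # iterative DFS
            node = stack.pop()
            if node in comp:
                continue
            comp.add(node)
            stack.extend(adj[node] - comp)
        seen |= comp
        comps.append(comp)
    return comps


def isolation(component, full_flows):
    """Assumed isolation measure (not defined in the abstract): fraction of all
    flows from the cluster's internal hosts, counted on the unreduced graph,
    whose destination lies inside the cluster. 1.0 means the hosts talk to
    nothing but this cluster's destinations."""
    hosts = {n for side, n in component if side == "int"}
    dests = {n for side, n in component if side == "dst"}
    total = inside = 0
    for s, d in full_flows:
        if s in hosts:
            total += 1
            inside += d in dests
    return inside / total if total else 0.0


def find_suspicious_clusters(flows, wl_internal, wl_dest, threshold):
    """Full pipeline: reduce, cluster, score, and keep clusters whose isolation
    meets the threshold. Returns (hosts, destinations, score) per cluster."""
    reduced = reduce_graph(flows, wl_internal, wl_dest)
    results = []
    for comp in connected_components(reduced):
        score = isolation(comp, flows)
        if score >= threshold:
            hosts = sorted(n for side, n in comp if side == "int")
            dests = sorted(n for side, n in comp if side == "dst")
            results.append((hosts, dests, score))
    return results


if __name__ == "__main__":
    for hosts, dests, score in find_suspicious_clusters(
            FLOWS, WHITELISTED_INTERNAL, WHITELISTED_DESTINATIONS, ISOLATION_THRESHOLD):
        print(f"isolation={score:.2f} hosts={hosts} destinations={dests}")
```

With the constructed data, the hosts 10.0.0.7 to 10.0.0.9 share two rare destinations but also talk to the whitelisted update servers, so their cluster scores about 0.57 and is not reported; 10.0.0.20 and 10.0.0.21 communicate with nothing except 203.0.113.9, score 1.0, and are returned as the candidate infected hosts with their candidate command-and-control destination. Whitelisting is what makes this work: without it the popular update and CDN hosts would join nearly every device into one giant cluster with no isolation signal.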

Bibliographic data

  • Publication number: US9195826B1

    Patent type:

  • Publication date: 2015-11-24

    Original format: PDF

  • Applicant/assignee: EMC CORPORATION;

    Application number: US201313906200

  • Inventors: DEREK LIN; CHUNSHENG FANG; JOSEPH A. ZADEH;

    Filing date: 2013-05-30

  • Classification: G06F21/00; G06F21/56;

  • Country: US

  • Date added to database: 2022-08-21 14:29:19
