Graph-based method to detect malware command-and-control infrastructure
Abstract
Potentially infected internal device(s) and potential malware command and control device(s) are identified by generating a bipartite graph that includes internal device(s) inside a network and destination(s) outside the network which communicate over a period of time. The bipartite graph is reduced to obtain a reduced bipartite graph, including by eliminating those connections that include a whitelisted internal device and those connections that include a whitelisted destination. From the reduced graph, a cluster of potentially infected internal device(s) and potential malware command and control device(s) is identified based at least in part on (1) the cluster's degree of isolation from other clusters and (2) an isolation threshold.
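The three steps in the abstract (bipartite graph, whitelist reduction, isolation-thresholded clusters) can be sketched as follows. This is an added example, not code from the patent: the abstract does not define how clusters are formed or how isolation is measured, so the clustering rule (destinations contacted by the same set of devices) and the isolation metric (share of those devices' remaining edges that stay inside the cluster) are assumptions, and all addresses and hostnames are constructed.

```python
from collections import defaultdict

# Constructed sample: (internal device, external destination) pairs seen in one time window.
CONNECTIONS = [
    ("10.0.0.5", "cdn.example.com"), ("10.0.0.6", "cdn.example.com"),
    ("10.0.0.7", "cdn.example.com"), ("10.0.0.9", "cdn.example.com"),
    ("10.0.0.5", "a1.c2.example.net"), ("10.0.0.6", "a1.c2.example.net"),
    ("10.0.0.5", "a2.c2.example.net"), ("10.0.0.6", "a2.c2.example.net"),
    ("10.0.0.6", "news.example.org"), ("10.0.0.7", "news.example.org"),
    ("10.0.0.7", "blog.example.org"),
    ("10.0.0.8", "a1.c2.example.net"),  # whitelisted internal scanner
]
WHITELISTED_DEVICES = {"10.0.0.8"}
WHITELISTED_DESTINATIONS = {"cdn.example.com"}

def reduce_graph(connections, wl_devices, wl_dests):
    """Drop every edge that touches a whitelisted device or destination."""
    return {(d, x) for d, x in connections
            if d not in wl_devices and x not in wl_dests}

def find_clusters(edges):
    """Assumed clustering rule: group destinations contacted by the same device set."""
    devices_of = defaultdict(set)
    for device, dest in edges:
        devices_of[dest].add(device)
    clusters = defaultdict(set)
    for dest, devices in devices_of.items():
        clusters[frozenset(devices)].add(dest)
    return clusters  # {frozenset(devices): {destinations}}

def isolation(devices, dests, edges):
    """Assumed metric: fraction of the devices' edges that stay inside the cluster."""
    incident = [(d, x) for d, x in edges if d in devices]
    inside = [edge for edge in incident if edge[1] in dests]
    return len(inside) / len(incident)

def suspicious_clusters(connections, wl_devices, wl_dests, threshold=0.75):
    """Return (devices, destinations, isolation) for clusters at or above the threshold."""
    edges = reduce_graph(connections, wl_devices, wl_dests)
    hits = []
    for devices, dests in find_clusters(edges).items():
        score = isolation(devices, dests, edges)
        if score >= threshold:
            hits.append((sorted(devices), sorted(dests), round(score, 2)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in suspicious_clusters(CONNECTIONS, WHITELISTED_DEVICES, WHITELISTED_DESTINATIONS):
        print(hit)
```

Lowering `threshold` admits clusters whose devices also talk to many other non-whitelisted destinations, so the value trades false positives against missed clusters.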