Identifying malicious applications by statistical analysis of currently running programs and network connections
Abstract
A security application running on a computer system generates an application list indicating applications that are currently running. The system identifies network addresses meeting established criteria, such as entries in an IP whitelist or a database of malicious servers. The system then determines whether connections to those addresses have been made within a certain timeframe, and provides the application list LAPP and identified addresses LDOMHITS to another application 712, which may be on an external server 710 receiving information from multiple clients 100, 720, 722, 724. A statistical analysis is then performed to determine which of the applications in the list provided the connection to the suspect address. The analysing application may provide instruction to the system to kill the identified malware. If the operating platform restricts access to these details, the application list can be inferred from installed applications, and the network connections from DNS cache or routing table queries. This allows the detection and elimination of hazardous programs even in systems with restrictive security models.
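The abstract does not say which statistical analysis the server applies, so the following is an added example, not code from the patent: it assumes a smoothed difference between the hit rate of clients running an application and the hit rate of clients not running it. The report fields `lapp` and `ldomhits`, the application names, the thresholds and the domain `bad.example` are constructed for illustration.

```python
from collections import Counter

# Constructed reports, one per client: LAPP (applications running) and LDOMHITS
# (recent connections that matched the address list). All values are made up.
REPORTS = [
    {"client": "c1", "lapp": ["mail", "browser", "flashlight"], "ldomhits": ["bad.example"]},
    {"client": "c2", "lapp": ["browser", "flashlight", "notes"], "ldomhits": ["bad.example"]},
    {"client": "c3", "lapp": ["mail", "browser", "notes"], "ldomhits": []},
    {"client": "c4", "lapp": ["mail", "flashlight"], "ldomhits": ["bad.example"]},
    {"client": "c5", "lapp": ["browser", "notes"], "ldomhits": []},
    {"client": "c6", "lapp": ["mail", "browser"], "ldomhits": []},
]

def score_apps(reports, smoothing=1.0):
    """Return {app: P(hit | app running) - P(hit | app not running)}.

    Additive smoothing (an assumption of this example) keeps the estimate
    defined when an app runs on every client or on only one.
    """
    total = len(reports)
    total_hits = sum(1 for r in reports if r["ldomhits"])
    seen, seen_hits = Counter(), Counter()
    for r in reports:
        for app in set(r["lapp"]):
            seen[app] += 1
            seen_hits[app] += bool(r["ldomhits"])
    scores = {}
    for app, n in seen.items():
        p_with = (seen_hits[app] + smoothing) / (n + 2 * smoothing)
        p_without = (total_hits - seen_hits[app] + smoothing) / (total - n + 2 * smoothing)
        scores[app] = p_with - p_without
    return scores

def suspects(reports, threshold=0.5, min_clients=2):
    """Apps whose score clears the threshold and that ran on enough clients."""
    scores = score_apps(reports)
    counts = Counter(app for r in reports for app in set(r["lapp"]))
    return sorted(a for a, s in scores.items()
                  if s >= threshold and counts[a] >= min_clients)

if __name__ == "__main__":
    for app, s in sorted(score_apps(REPORTS).items(), key=lambda kv: -kv[1]):
        print(f"{app:12s} {s:+.2f}")
    print("suspects:", suspects(REPORTS))
```

An application present on almost every client, such as `browser` here, scores low even though it ran on clients with hits, which is why reports from several clients are needed before any application is singled out.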