Identifying malware-suspect end points through entropy changes in consolidated logs

Invention Grant

US10440037B2 Identifying malware-suspect end points through entropy changes in consolidated logs 有权

Please log in to see more content

Patent Title: Identifying malware-suspect end points through entropy changes in consolidated logs
Application No.: US15476212

Application Date: 2017-03-31
Publication No.: US10440037B2

Publication Date: 2019-10-08
Inventor: Peter Thayer , Gabriel G. Infante-Lopez , Leandro J. Ferrado , Alejandro Houspanossian
Applicant: McAfee, Inc.
Applicant Address: US CA Santa Clara
Assignee: McAfee, LLC
Current Assignee: McAfee, LLC
Current Assignee Address: US CA Santa Clara
Agency: Hanley, Flight & Zimmerman, LLC
Main IPC: H04L29/06
IPC: H04L29/06 ; G06N20/00

Identifying malware-suspect end points through entropy changes in consolidated logs

Abstract:

Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.

Public/Granted literature

US20180288074A1 IDENTIFYING MALWARE-SUSPECT END POINTS THROUGH ENTROPY CHANGES IN CONSOLIDATED LOGS Public/Granted day:2018-10-04

Information query

Espacenet