Invention Grant
- Patent Title: Malware infected terminal detecting apparatus, malware infected terminal detecting method, and malware infected terminal detecting program
- Application No.: US15522147
- Application Date: 2015-11-10
- Publication No.: US10819717B2
- Publication Date: 2020-10-27
- Inventor: Kazufumi Aoki, Kazunori Kamiya
- Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
- Applicant Address: JP Chiyoda-ku
- Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
- Current Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
- Current Assignee Address: JP Chiyoda-ku
- Agency: Oblon, McClelland, Maier & Neustadt, L.L.P.
- International Application: PCT/JP2015/081659 WO 20151110
- International Announcement: WO2016/076334 WO 20160519
- Main IPC: H04L29/06
- IPC: H04L29/06; G06F21/56

Abstract:
A detecting apparatus generates collections of events, each formed according to a predetermined condition, from the events obtained for each identifier that identifies a terminal in a monitoring target network or a piece of malware. From each cluster of event collections whose mutual similarity is equal to or larger than a certain similarity, the apparatus takes out the events that commonly appear in the collections belonging to that cluster and, according to a predetermined condition, extracts them as a collection of detection purpose events. The apparatus then detects that a malware infected terminal is present in the monitoring target network if a collection of events generated from communications in the monitoring target network is determined to match the extracted collection of detection purpose events.
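The pipeline the abstract describes, as an added Python sketch that is not taken from the patent. The Jaccard similarity measure, the union-find (single-link) clustering, the thresholds, the subset match rule, and all event strings and identifiers are assumptions chosen for illustration.

```python
from itertools import combinations

def jaccard(a, b):
    """Similarity of two event collections (assumed measure)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(collections, threshold):
    """Union-find grouping: link identifiers whose similarity >= threshold."""
    parent = {k: k for k in collections}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in combinations(collections, 2):
        if jaccard(collections[a], collections[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for k in collections:
        groups.setdefault(find(k), []).append(k)
    return list(groups.values())

def detection_sets(collections, threshold=0.5, min_members=2, min_events=2):
    """Events common to every collection in a cluster become one detection set."""
    out = []
    for members in cluster(collections, threshold):
        common = set.intersection(*(set(collections[m]) for m in members))
        # Assumed extraction condition: enough members and enough shared events.
        if len(members) >= min_members and len(common) >= min_events:
            out.append(frozenset(common))
    return out

def infected(terminal_events, sets_):
    """Assumed match rule: a terminal matches if it shows every event of a set."""
    return sorted(t for t, ev in terminal_events.items()
                  if any(s <= set(ev) for s in sets_))

# Constructed sample data: events observed per malware identifier.
MALWARE = {
    "sample-1": ["dns:c2.example.test", "http:POST /gate", "smtp:burst", "http:GET /ip"],
    "sample-2": ["dns:c2.example.test", "http:POST /gate", "http:GET /ip"],
    "sample-3": ["dns:c2.example.test", "http:POST /gate", "http:GET /ip", "irc:join"],
    "sample-4": ["ntp:sync", "http:GET /update"],
}
# Constructed sample data: events observed per terminal in the monitored network.
TERMINALS = {
    "10.0.0.5": ["dns:c2.example.test", "http:POST /gate", "http:GET /ip", "ntp:sync"],
    "10.0.0.9": ["ntp:sync", "http:GET /update", "dns:c2.example.test"],
}

if __name__ == "__main__":
    print(infected(TERMINALS, detection_sets(MALWARE)))
```

Requiring a multi-event set rather than a single indicator is what keeps `10.0.0.9`, which shares only one event with the cluster, from being flagged.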