Method and system for network-based detecting of malware from behavioral clustering

Invention Grant

US08826438B2 Method and system for network-based detecting of malware from behavioral clustering 有权

Title translation: 基于行为聚类的基于网络的恶意软件检测方法与系统

Please log in to see more content

Patent Title: Method and system for network-based detecting of malware from behavioral clustering
Patent Title (中): 基于行为聚类的基于网络的恶意软件检测方法与系统
Application No.: US13008257

Application Date: 2011-01-18
Publication No.: US08826438B2

Publication Date: 2014-09-02
Inventor: Roberto Perdisci , Wenke Lee , Gunter Ollmann
Applicant: Roberto Perdisci , Wenke Lee , Gunter Ollmann
Applicant Address: US GA Atlanta
Assignee: Damballa, Inc.
Current Assignee: Damballa, Inc.
Current Assignee Address: US GA Atlanta
Agency: DLA Piper LLP US
Main IPC: H04L29/06
IPC: H04L29/06 ; G06F21/56

Method and system for network-based detecting of malware from behavioral clustering

Abstract:

A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.

Abstract(Chinese):

一种用于执行恶意软件样本的行为聚类的计算机化系统和方法，包括：在受控计算机环境中执行预定时间的恶意软件样本以获得HTTP流量; 根据来自HTTP流量的网络行为信息将恶意软件样本聚类到至少一个集群中; 以及使用所述至少一个处理器从每个群集的HTTP流量信息中提取网络签名，所述网络签名指示恶意软件感染。

Public/Granted literature

US20110283361A1 METHOD AND SYSTEM FOR NETWORK-BASED DETECTING OF MALWARE FROM BEHAVIORAL CLUSTERING Public/Granted day:2011-11-17

Information query

Espacenet