Invention Grant
US09191403B2 Cyber security adaptive analytics threat monitoring system and method
Status: Granted (in force)
- Patent Title: Cyber security adaptive analytics threat monitoring system and method
- Patent Title (中): 网络安全自适应分析威胁监控系统及方法
- Application No.: US14149598
- Application Date: 2014-01-07
- Publication No.: US09191403B2
- Publication Date: 2015-11-17
- Inventors: Scott Zoldi, Jehangir Athwal, Hua Li, Matthew Kennel, Xinwei Xue
- Applicant: FAIR ISAAC CORPORATION
- Applicant Address: San Jose, CA, US
- Assignee: FAIR ISAAC CORPORATION
- Current Assignee: FAIR ISAAC CORPORATION
- Current Assignee Address: San Jose, CA, US
- Agency: Mintz Levin Cohn Ferris Glovsky and Popeo, P.C.
- Main IPC: G06F11/00
- IPC: G06F11/00; H04L29/06; H04L29/08

Abstract:
A system and method of detecting command-and-control behavior of malware on a client computer is disclosed. DNS messages sent from one or more client computers to a DNS server are monitored to determine the risk that any of those client computers is communicating with a botnet. Real-time entity profiles are generated, based on each DNS message, for at least one of the following entity types: the client computers, DNS domain query names, resolved IP addresses of the queried domain names, client computer and query domain name pairs, query domain name and resolved IP address pairs, or query domain name and IP address cliques. Using these real-time entity profiles, the risk that any of the client computers is infected by malware that uses DNS messages for command and control or for illegitimate data transmission is determined. One or more scores are generated representing the probability that each client computer is infected by malware.
Public/Granted literature
- US20150195299A1 CYBER SECURITY ADAPTIVE ANALYTICS THREAT MONITORING SYSTEM AND METHOD (publication date: 2015-07-09)