Invention Grant
US09195826B1 Graph-based method to detect malware command-and-control infrastructure
Status: In force
- Patent Title: Graph-based method to detect malware command-and-control infrastructure
- Patent Title (Chinese): 用于检测恶意软件命令和控制基础设施的基于图形的方法
- Application No.: US13906200
- Application Date: 2013-05-30
- Publication No.: US09195826B1
- Publication Date: 2015-11-24
- Inventors: ChunSheng Fang, Derek Lin, Joseph A. Zadeh
- Applicant: EMC Corporation
- Applicant Address: Hopkinton, MA, US
- Assignee: EMC Corporation
- Current Assignee: EMC Corporation
- Current Assignee Address: Hopkinton, MA, US
- Agency: Van Pelt, Yi & James LLP
- Main IPC: G06F21/00
- IPC: G06F21/00 ; G06F21/56

Abstract:
Potentially infected internal device(s) and potential malware command and control device(s) are identified by generating a bipartite graph that includes internal device(s) inside a network and destination(s) outside the network which communicate over a period of time. The bipartite graph is reduced to obtain a reduced bipartite graph, including by eliminating those connections that include a whitelisted internal device and those connections that include a whitelisted destination. From the reduced graph, a cluster of potentially infected internal device(s) and potential malware command and control device(s) are identified based at least in part on (1) the cluster's degree of isolation from other clusters and (2) an isolation threshold.
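The three steps in the abstract (build the bipartite device/destination graph, drop every edge that touches a whitelisted device or destination, then score the surviving clusters by isolation against a threshold) are shown below as an added worked example. It is not code from the patent or from EMC. The abstract does not define the isolation measure, so this example assumes one: the share of a cluster's total connection volume, measured on the full graph before whitelisting, that stays inside the cluster. Edges are weighted by connection count so that beaconing hosts stand out. The connection records, host names, destination names and whitelists are all constructed for the demonstration.

```python
"""Bipartite-graph detection of malware C2 clusters: build, reduce, score.

Added example illustrating the abstract above; not the patent's own code.
The isolation measure is an assumption, since the abstract leaves it open.
"""
from collections import defaultdict

# Constructed sample: (internal_device, external_destination, connection_count)
# aggregated over one observation window. Not real traffic.
CONNECTIONS = [
    # ordinary workstations: mostly whitelisted SaaS, plus a shared niche site
    ("ws-01", "mail.example-saas.test", 40), ("ws-01", "cdn.example-saas.test", 25),
    ("ws-01", "niche-forum.test", 3),
    ("ws-02", "mail.example-saas.test", 35), ("ws-02", "cdn.example-saas.test", 30),
    ("ws-02", "niche-forum.test", 2),
    # three hosts beaconing heavily to two C2 destinations, with light normal traffic
    ("ws-07", "c2-a.test", 180), ("ws-07", "c2-b.test", 150), ("ws-07", "mail.example-saas.test", 12),
    ("ws-11", "c2-a.test", 175), ("ws-11", "c2-b.test", 160), ("ws-11", "cdn.example-saas.test", 9),
    ("srv-03", "c2-b.test", 210), ("srv-03", "updates.example-saas.test", 6),
    # the corporate proxy talks to everything; whitelisting it removes its edges
    ("proxy-01", "c2-a.test", 50), ("proxy-01", "niche-forum.test", 80),
    ("proxy-01", "mail.example-saas.test", 900),
]
WHITELISTED_DEVICES = {"proxy-01"}
WHITELISTED_DESTINATIONS = {"mail.example-saas.test", "cdn.example-saas.test",
                            "updates.example-saas.test"}


def build_graph(connections):
    """Weighted, undirected bipartite graph: node -> {neighbour: connection count}."""
    graph = defaultdict(dict)
    for device, destination, count in connections:
        graph[device][destination] = graph[device].get(destination, 0) + count
        graph[destination][device] = graph[destination].get(device, 0) + count
    return graph


def reduce_graph(graph, wl_devices, wl_destinations):
    """Drop every edge that touches a whitelisted device or destination."""
    banned = wl_devices | wl_destinations
    reduced = defaultdict(dict)
    for node, neighbours in graph.items():
        if node in banned:
            continue
        for neighbour, count in neighbours.items():
            if neighbour not in banned:
                reduced[node][neighbour] = count
    return reduced


def connected_components(graph):
    """Clusters of the reduced graph: plain connected components via DFS."""
    seen, components = set(), []
    for start in graph:
        if start in seen:
            continue
        stack, component = [start], set()
        while stack:
            node = stack.pop()
            if node in component:
                continue
            component.add(node)
            stack.extend(graph[node])
        seen |= component
        components.append(component)
    return components


def isolation(component, full_graph):
    """Assumed measure: fraction of the cluster's connection volume (on the full
    graph, before whitelisting) whose other endpoint is also inside the cluster.
    Each edge is counted once."""
    inside = total = 0
    for node in component:
        for neighbour, count in full_graph[node].items():
            if neighbour in component:
                if node < neighbour:  # count internal edges once, not from both ends
                    inside += count
                    total += count
            else:
                total += count
    return inside / total if total else 0.0


def detect_c2_clusters(connections, wl_devices, wl_destinations, isolation_threshold=0.5):
    """Return clusters whose isolation meets the threshold, split into the
    potentially infected devices and the potential C2 destinations."""
    devices = {device for device, _, _ in connections}
    full = build_graph(connections)
    reduced = reduce_graph(full, wl_devices, wl_destinations)
    findings = []
    for component in connected_components(reduced):
        score = isolation(component, full)
        if score >= isolation_threshold:
            findings.append({
                "devices": sorted(n for n in component if n in devices),
                "destinations": sorted(n for n in component if n not in devices),
                "isolation": round(score, 4),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_c2_clusters(CONNECTIONS, WHITELISTED_DEVICES, WHITELISTED_DESTINATIONS):
        print(finding)
```

On the sample data the reduced graph splits into two clusters. The two workstations sharing a niche forum survive whitelisting but keep only about 2% of their volume inside the cluster, so they fall below the threshold; the three beaconing hosts and the two C2 destinations keep about 92% inside and are reported. In practice the threshold is tuned against the site's own traffic, and a minimum cluster size (or an allowance for hosts that legitimately talk to a single destination) is worth adding before alerting.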