West et al., 2014 - Google Patents
Metadata-driven threat classification of network endpoints appearing in malwareWest et al., 2014
View PDF- Document ID
- 10098082434833756627
- Author
- West A
- Mohaisen A
- Publication year
- Publication venue
- International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
External Links
Snippet
Networked machines serving as binary distribution points, C&C channels, or drop sites are a ubiquitous aspect of malware infrastructure. By sandboxing malcode one can extract the network endpoints (ie, domains and URL paths) contacted during execution. Some …
- 238000004458 analytical method 0 abstract description 19
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30861—Retrieval from the Internet, e.g. browsers
- G06F17/30864—Retrieval from the Internet, e.g. browsers by querying, e.g. search engines or meta-search engines, crawling techniques, push systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/02—Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Hong et al. | Phishing url detection with lexical features and blacklisted domains | |
| CN110719291B (en) | Network threat identification method and identification system based on threat information | |
| US11184374B2 (en) | Endpoint inter-process activity extraction and pattern matching | |
| West et al. | Metadata-driven threat classification of network endpoints appearing in malware | |
| Soska et al. | Automatically detecting vulnerable websites before they turn malicious | |
| Rafique et al. | Firma: Malware clustering and network signature generation with mixed network behaviors | |
| Catakoglu et al. | Automatic extraction of indicators of compromise for web applications | |
| Vadrevu et al. | Measuring and detecting malware downloads in live network traffic | |
| EP4073671A1 (en) | Automatic semantic modeling of system events | |
| Kim et al. | Detecting fake anti-virus software distribution webpages | |
| Wang et al. | NetSpy: Automatic generation of spyware signatures for NIDS | |
| Lamprakis et al. | Unsupervised detection of APT C&C channels using web request graphs | |
| Balduzzi et al. | Targeted attacks detection with spunge | |
| Stringhini et al. | Marmite: spreading malicious file reputation through download graphs | |
| Mohaisen | Towards automatic and lightweight detection and classification of malicious web contents | |
| Shibahara et al. | Detecting malicious websites by integrating malicious, benign, and compromised redirection subgraph similarities | |
| Hong et al. | Ctracer: uncover C&C in advanced persistent threats based on scalable framework for enterprise log data | |
| Juba et al. | Principled Sampling for Anomaly Detection. | |
| Han et al. | The role of cloud services in malicious software: Trends and insights | |
| Nuojua et al. | DNS tunneling detection techniques–classification, and theoretical comparison in case of a real APT campaign | |
| Chen et al. | Efficient suspicious URL filtering based on reputation | |
| US11632393B2 (en) | Detecting and mitigating malware by evaluating HTTP errors | |
| Kheir | Analyzing http user agent anomalies for malware detection | |
| Piredda et al. | Deepsquatting: Learning-based typosquatting detection at deeper domain levels | |
| Najafi et al. | Guilt-by-association: detecting malicious entities via graph mining |