Abstract |
Existing techniques for detecting unauthorized network access by malware-infected computers or the like cannot generate effective URL regular expressions from small samples of malicious URLs. On the basis of feature quantities for past network accesses and malicious URLs obtained from malware analysis results, this invention expands the sample of malicious URLs by searching an access log for URLs similar to said malicious URLs and generates a URL regular expression. Said URL regular expression is added to detection rules to detect unauthorized access. |
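
The expansion and generalization steps described in the abstract, sketched as an added example that is not code from the patent. The feature set, the Jaccard similarity, the 0.8 threshold, all function names and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

def parts(url):
    """Return (path segments, ordered query pairs); the host is ignored."""
    u = urlsplit(url)
    return [s for s in u.path.split("/") if s], parse_qsl(u.query, keep_blank_values=True)

def char_class(values):
    for cls in ("[0-9]", "[0-9a-f]", "[A-Za-z0-9]"):  # narrowest assumed class first
        if all(re.fullmatch(cls + "+", v) for v in values):
            return cls
    return "[^/?&=]"

def features(url):
    """Assumed feature quantities: path depth, literal segments, query keys, value classes."""
    segs, query = parts(url)
    feats = {("depth", len(segs))} | {("seg", i, s) for i, s in enumerate(segs)}
    for k, v in query:
        feats |= {("key", k), ("cls", k, char_class([v]))}
    return feats

def similarity(a, b):  # Jaccard index over the two feature sets
    return len(features(a) & features(b)) / len(features(a) | features(b))

def expand(seeds, access_log, threshold=0.8):
    """Seeds plus every logged URL at least `threshold`-similar to some seed."""
    hits = [u for u in access_log if any(similarity(u, s) >= threshold for s in seeds)]
    return list(dict.fromkeys(seeds + hits))

def generalize(column):  # values seen at one aligned token position
    if len(set(column)) == 1:
        return re.escape(column[0])  # constant token stays literal
    n = sorted(map(len, column))
    return "%s{%d,%d}" % (char_class(column), n[0], n[-1])

def url_regex(urls):
    """Regex over path and query; assumes equal path depth and query key order."""
    split = [parts(u) for u in urls]
    segs = [generalize(col) for col in zip(*(s for s, _ in split))]
    vals = [generalize(col) for col in zip(*([v for _, v in q] for _, q in split))]
    query = "&".join(re.escape(k) + "=" + v for (k, _), v in zip(split[0][1], vals))
    return "^https?://[^/]+/" + "/".join(segs) + r"\?" + query + "$"

# Constructed sample data, not taken from the patent.
SEEDS = ["http://c2.example/panel/gate.php?id=1234&v=ab12"]
ACCESS_LOG = ["http://10.0.0.7/panel/gate.php?id=98&v=ff03",
              "http://cdn.example/panel/gate.php?id=77777&v=0c9d",
              "http://shop.example/index.php?id=5",
              "http://news.example/panel/login.php?user=bob"]
```

Calling `url_regex(expand(SEEDS, ACCESS_LOG))` turns the single seed into a rule that also covers the two similar logged URLs while leaving the two dissimilar ones unmatched.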