主权项 |
1. A method comprising:
receiving, via an input interface, a string that corresponds to a hostname; identifying, at a computing device, a data structure that indicates frequencies of occurrence of each of a plurality of n-grams in a first set of strings; and applying, at the computing device, a filter to determine whether to classify the string as potentially suspicious, the filter including an entropy filter and at least one other filter, wherein the filter is configured to classify the string as potentially suspicious in response to the entropy filter and the at least one other filter each indicating that the string is potentially suspicious, wherein the entropy filter is configured to indicate that the string is potentially suspicious based on an n-gram entropy of the string, and wherein the n-gram entropy of the string is a function of the frequency of occurrence, indicated by the data structure, for each n-gram in the string. |