发明名称 |
SYSTEM TO IDENTIFY MACHINES INFECTED BY MALWARE APPLYING LINGUISTIC ANALYSIS TO NETWORK REQUESTS FROM ENDPOINTS |
摘要 |
A method to identify machines infected by malware is provided. The method includes determining whether a universal resource locator in a network request is present in a first cache and determining whether a fully qualified domain name from the uniform resource locator is present in a second cache. The method includes evaluating a parent hostname as to suspiciousness. The method includes indicating the computing device has a likelihood of infection, responsive to one of: the universal resource locator being present in the first cache with a first indication of suspiciousness, the fully qualified domain name being present in the second cache with a second indication of suspiciousness, or the evaluating the parent hostname having a third indication of suspiciousness, wherein at least one method operation is performed by the processor. A system and computer readable media are provided. |
申请公布号 |
US2016156640(A1) |
申请公布日期 |
2016.06.02 |
申请号 |
US201615018758 |
申请日期 |
2016.02.08 |
申请人 |
Symantec Corporation |
发明人 |
Hart Michael;Kienzle Darrell;Ashley Peter |
分类号 |
H04L29/06;G06F21/56 |
主分类号 |
H04L29/06 |
代理机构 |
|
代理人 |
|
主权项 |
1. A method of identifying machines infected by malware, comprising:
tracking domain names in network requests from a computing device, for at least a first time span; receiving a fully qualified domain name relating to a network request from the computing device; determining whether the fully qualified domain name is among the tracked domain names for the at least a first time span and prior to a second time span, the second time span extending to a present time, the first time span extending back in time from a beginning of the second time span; and indicating the computing device has a likelihood of infection, responsive to a result of the determining, wherein at least one method operation is performed by a processor. |
地址 |
Mountain View CA US |