Title: SYSTEM AND METHOD FOR DETECTION OF TARGETED ATTACKS
Abstract: Methods, systems, and computer programs for detecting targeted attacks on a compromised computer. An example method includes receiving from a plurality of computer systems data about the network resource, wherein each of the plurality of computer systems has a set of parameters and associated parameter values; detecting presence of a suspect indicator in the respective data received from each of a first group of the plurality of computer systems; detecting absence of the suspect indicator in the respective data received from each of a second group of the plurality of computer systems; determining at least one suspect parameter and at least one suspect parameter value; and estimating a probability of the targeted attack from the network resource based on the suspect indicator, the at least one suspect parameter, and the at least one parameter value.
Publication number: US2016080398(A1) Publication date: 2016.03.17
Application number: US201414484891 Filing date: 2014.09.12
Applicant: Kaspersky Lab ZAO Inventor: Yablokov Victor V.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method for detection of targeted attacks from a network resource, comprising: receiving from a plurality of computer systems data about the network resource, wherein each of the plurality of computer systems has a set of parameters and associated parameter values; detecting presence of a suspect indicator in the respective data received from each of a first group of the plurality of computer systems; detecting absence of the suspect indicator in the respective data received from each of a second group of the plurality of computer systems; determining at least one suspect parameter and at least one suspect parameter value such that: the at least one suspect parameter is set to the at least one suspect parameter value in each of the first group of the plurality of computer systems, and the at least one suspect parameter is not set to the at least one suspect parameter value in each of the second group of the plurality of computer systems; and estimating a probability of the targeted attack from the network resource based on the suspect indicator, the at least one suspect parameter, and the at least one parameter value.
Address: Moscow RU
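The claim describes a cross-fleet correlation: split the systems that reported on a network resource into those that saw a suspect indicator and those that did not, then look for a (parameter, value) pair that is set on every system in the first group and on none in the second. The following Python is an added illustration written for this record, not code from the patent or from Kaspersky Lab; the `Report` structure, the field names (`domain`, `browser`, `os`), the sample fleet and the probability heuristic (share of reporting systems that did not receive the indicator, gated on a minimum group size) are all assumptions made for the example. It also shows the edge case the minimum group size protects against: a lone affected system would otherwise "separate" the groups through any parameter unique to it.

```python
# Added example (not the patent's code): cross-system correlation of a suspect
# indicator with client parameters, following the steps of the claim.
# All data below is constructed; field names and the heuristic are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

ParamValue = Tuple[str, str]  # (parameter name, parameter value)


@dataclass(frozen=True)
class Report:
    """What one computer system reports about a visited network resource."""
    system_id: str
    resource: str
    params: Dict[str, str]     # the system's parameters and their values
    indicator_present: bool    # was the suspect indicator observed?


def split_groups(reports: List[Report], resource: str):
    """Claim steps 2 and 3: systems where the indicator was present vs. absent."""
    relevant = [r for r in reports if r.resource == resource]
    present = [r for r in relevant if r.indicator_present]
    absent = [r for r in relevant if not r.indicator_present]
    return present, absent


def suspect_parameters(present: List[Report], absent: List[Report]) -> Set[ParamValue]:
    """Claim step 4: (parameter, value) pairs set on EVERY system that saw the
    indicator and on NO system that did not."""
    if not present:
        return set()
    common = set(present[0].params.items())
    for r in present[1:]:
        common &= set(r.params.items())
    seen_without_indicator: Set[ParamValue] = set()
    for r in absent:
        seen_without_indicator |= set(r.params.items())
    return common - seen_without_indicator


def estimate_targeted_attack(reports: List[Report], resource: str, min_group: int = 2):
    """Claim step 5, with a heuristic chosen for this example (not from the
    patent): if some parameter value cleanly separates the two groups, the
    probability is the share of reporting systems that did NOT receive the
    indicator, i.e. how selective the resource is. Groups smaller than
    min_group yield 0.0, because a single system's unique parameters (a
    hostname, a serial number) would otherwise always separate the groups,
    and an indicator seen by everyone is a mass attack, not a targeted one."""
    present, absent = split_groups(reports, resource)
    if len(present) < min_group or len(absent) < min_group:
        return 0.0, set()
    suspects = suspect_parameters(present, absent)
    if not suspects:
        return 0.0, set()
    probability = len(absent) / (len(present) + len(absent))
    return round(probability, 4), suspects


# Constructed sample fleet: six systems fetched the same resource; only the
# two in domain "corp-a.example" received the suspect indicator. The browser
# value "X/41" is shared across both groups, so it must NOT be flagged.
RESOURCE = "http://resource.invalid/update"
SAMPLE_REPORTS = [
    Report("ws-01", RESOURCE, {"domain": "corp-a.example", "browser": "X/41", "os": "W7"}, True),
    Report("ws-02", RESOURCE, {"domain": "corp-a.example", "browser": "X/41", "os": "W8"}, True),
    Report("ws-03", RESOURCE, {"domain": "corp-b.example", "browser": "X/41", "os": "W7"}, False),
    Report("ws-04", RESOURCE, {"domain": "corp-c.example", "browser": "Y/12", "os": "W8"}, False),
    Report("ws-05", RESOURCE, {"domain": "home", "browser": "X/41", "os": "W7"}, False),
    Report("ws-06", RESOURCE, {"domain": "corp-d.example", "browser": "X/40", "os": "W7"}, False),
]

if __name__ == "__main__":
    prob, suspects = estimate_targeted_attack(SAMPLE_REPORTS, RESOURCE)
    print(f"resource={RESOURCE} probability={prob} suspect_parameters={sorted(suspects)}")
```

Running the sample yields a single suspect pair, `("domain", "corp-a.example")`, with a probability of 0.6667 (four of six systems were untouched); the `os` values differ within the affected group and the browser version also appears in the unaffected group, so neither is reported. In a real deployment the parameter set would be far wider and the probability model would be calibrated, but the group-separation step is exactly what the claim specifies.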