Title: Techniques for detecting anomalous network traffic
Abstract: Techniques for detecting anomalous network traffic are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting anomalous network traffic comprising the steps of receiving a list including a plurality of processes and, for each process, a list of approved types of network traffic; monitoring network traffic of each process on the list of processes; upon detecting network traffic for a process on the list of processes, determining that the type of network traffic detected is not on the list of approved types for that process; and identifying the process as infected based on determining that the type of network traffic detected is not on the list of approved types for that process.
Publication number: US9225736 (B1)  Publication date: 2015.12.29
Application number: US201313929123  Filing date: 2013.06.27
Applicant: Symantec Corporation  Inventors: Roundy Kevin Alejandro; Fu Jie; Cheng Tao; Li Zhi Kai; Guo Fanglu; Bhatkar Sandeep
Classification: G06F11/00; H04L29/06  Main classification: G06F11/00
Agent: Wilmer Cutler Pickering Hale and Dorr LLP  Attorney: Wilmer Cutler Pickering Hale and Dorr LLP
Principal claim: 1. A method for managing authentication information comprising:
receiving a list including a plurality of processes, wherein each of the plurality of processes is run on a client system by executing a file representing that process;
for each process on the list, analyzing the file representing that process to determine what types of network traffic are used by the process by identifying in the file instructions that entail those types of network traffic;
for each process on the list, generating a list of approved types of network traffic based on types of network traffic determined for the process while analyzing the file representing the process;
transmitting the list of processes including, for each process, the list of approved types of network traffic for use in identifying infected processes;
monitoring network traffic of each process on the list of processes;
upon detecting network traffic for a process on the list of processes, determining that the type of network traffic detected is not on the list of approved types for that process; and
identifying the process as infected based on determining that the type of network traffic detected is not on the list of approved types for that process.
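The abstract and claim 1 describe a two-stage scheme: derive, from the executable file of each listed process, the types of network traffic that file's instructions entail (the per-process allowlist), then monitor those processes and flag any one that emits a traffic type outside its allowlist. The following is an added example of that scheme, not code from the patent or from Symantec. It stands in for the file analysis with a constructed table mapping imported network APIs to traffic types, and for the monitoring stage with constructed (process, protocol, destination port) events; the process names, import tables, API-to-type mapping and events are all assumptions made for illustration.

```python
"""Per-process network-traffic allowlisting in the style of the abstract and claim 1.

Added example; not code from the patent or from Symantec. A real implementation
would parse the executable's import table (PE/ELF) for stage 1 and feed live
per-process connection records (kernel driver, ETW, eBPF) into stage 2. Everything
below that looks like data is constructed for illustration.
"""
from typing import Dict, Iterable, List, Set, Tuple

# Stage 1 stand-in for "identifying in the file instructions that entail those
# types of network traffic": which imported API implies which traffic type.
# The API names are real Win32/POSIX names, but the table itself is an assumption.
IMPORT_TO_TRAFFIC: Dict[str, Set[str]] = {
    "WinHttpOpenRequest": {"http", "https"},
    "getaddrinfo": {"dns"},
    "connect": {"tcp"},
    "sendto": {"udp"},
    "recvfrom": {"udp"},
}


def approved_types_for(imports: Iterable[str]) -> Set[str]:
    """Derive one process's approved traffic types from the APIs its file imports."""
    approved: Set[str] = set()
    for name in imports:
        approved |= IMPORT_TO_TRAFFIC.get(name, set())
    return approved


def build_allowlist(process_imports: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """Stage 1: the list of processes, each with its list of approved traffic types."""
    return {proc: approved_types_for(imps) for proc, imps in process_imports.items()}


def classify(proto: str, dport: int) -> str:
    """Map an observed connection to a traffic type. Deliberately coarse and
    port-based so that it matches the granularity the allowlist is expressed in."""
    if proto == "udp" and dport == 53:
        return "dns"
    if proto == "tcp" and dport == 80:
        return "http"
    if proto == "tcp" and dport == 443:
        return "https"
    return proto  # any other tcp/udp traffic keeps the bare protocol as its type


Event = Tuple[str, str, int]  # (process name, protocol, destination port)


def detect(allowlist: Dict[str, Set[str]], events: Iterable[Event]) -> List[Tuple[str, str, str]]:
    """Stage 2: monitor listed processes and report each detected traffic type that
    is not on that process's approved list, as (process, traffic_type, "proto/port").
    Processes absent from the list are not monitored, matching the claim's scope."""
    flagged: List[Tuple[str, str, str]] = []
    for proc, proto, dport in events:
        if proc not in allowlist:
            continue
        ttype = classify(proto, dport)
        if ttype not in allowlist[proc]:
            flagged.append((proc, ttype, f"{proto}/{dport}"))
    return flagged


# Constructed import tables: what stage 1 would read out of each executable.
PROCESS_IMPORTS: Dict[str, List[str]] = {
    "updater.exe": ["CreateFileW", "WinHttpOpenRequest", "getaddrinfo"],
    "notepad.exe": ["CreateFileW", "WriteFile"],          # no network APIs at all
    "ntpclient.exe": ["sendto", "recvfrom", "getaddrinfo"],
}

# Constructed traffic events, as a per-process connection monitor might report them.
SAMPLE_EVENTS: List[Event] = [
    ("updater.exe", "tcp", 443),    # https: approved
    ("updater.exe", "udp", 53),     # dns: approved
    ("notepad.exe", "tcp", 4444),   # tcp from a process whose file entails no network use
    ("ntpclient.exe", "udp", 123),  # udp: approved
    ("ntpclient.exe", "tcp", 80),   # http from a udp-only client
    ("browser.exe", "tcp", 443),    # not on the list: not monitored
]


def run_sample() -> List[Tuple[str, str, str]]:
    """Build the allowlist from the constructed import tables and check the events."""
    return detect(build_allowlist(PROCESS_IMPORTS), SAMPLE_EVENTS)


if __name__ == "__main__":
    for proc, ttype, dest in run_sample():
        print(f"{proc}: unapproved {ttype} traffic to {dest}; process identified as infected")
```

Two caveats a deployer would want to keep in mind follow directly from the claim's wording. The allowlist is derived from the file on disk, so code injected into a legitimate process that only uses APIs that process already imports (a browser, for instance) produces no out-of-list traffic type and is not caught; conversely, a file that resolves its network APIs at run time (LoadLibrary/GetProcAddress, dlopen/dlsym) shows no network imports, so every connection it makes is flagged. The granularity of `classify` also has to match the granularity of the allowlist, or benign traffic is reported as unapproved.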
Address: Mountain View, CA, US