Title of invention |
Methods and apparatus to detect risks using application layer protocol headers |
Abstract |
Methods, apparatus, systems and articles of manufacture to detect risks using application protocol headers are disclosed. An example method includes extracting characteristics from a header of a received hypertext transport protocol (HTTP) request, determining a first score corresponding to a first characteristic of the characteristics, determining a second score corresponding to a second characteristic of the characteristics, adding the first score and the second score to determine a combined score, and indicating that the received HTTP request is malware when the combined score meets a threshold. |
Publication number |
US9135439(B2) |
Publication date |
2015.09.15 |
Application number |
US201313839810 |
Filing date |
2013.03.15 |
Applicant |
Trustwave Holdings, Inc. |
Inventor |
Montoro Rodrigo Ribeiro |
Classification |
G06F21/56;H04L29/06;H04L29/08 |
Main classification |
G06F21/56 |
Agency |
Hanley Flight & Zimmerman, LLC |
Agent |
Hanley Flight & Zimmerman, LLC |
Principal claim |
1. A method to analyze network communications, the method comprising:
extracting characteristics from a header of a received hypertext transport protocol (HTTP) request; determining a length of a user agent field of the header as a first characteristic of the characteristics; determining, via a processor, a first score as a first value when the length of the user agent field is less than a length threshold, wherein the first value indicates that the received HTTP request is more likely to be malware; determining a second score corresponding to a second characteristic of the characteristics; adding the first score and the second score to determine a combined score; and indicating that the received HTTP request is malware when the combined score meets a threshold. |
Address |
Chicago IL US |