Title of invention: Methods and apparatus to detect risks using application layer protocol headers
Abstract: Methods, apparatus, systems and articles of manufacture to detect risks using application protocol headers are disclosed. An example method includes extracting characteristics from a header of a received hypertext transport protocol (HTTP) request, determining a first score corresponding to a first characteristic of the characteristics, determining a second score corresponding to a second characteristic of the characteristics, adding the first score and the second score to determine a combined score, and indicating that the received HTTP request is malware when the combined score meets a threshold.
Publication number: US9135439(B2) Publication date: 2015.09.15
Application number: US201313839810 Filing date: 2013.03.15
Applicant: Trustwave Holdings, Inc. Inventor: Montoro Rodrigo Ribeiro
Classification: G06F21/56;H04L29/06;H04L29/08 Main classification: G06F21/56
Agency: Hanley Flight & Zimmerman, LLC Agent: Hanley Flight & Zimmerman, LLC
Main claim: 1. A method to analyze network communications, the method comprising: extracting characteristics from a header of a received hypertext transport protocol (HTTP) request; determining a length of a user agent field of the header as a first characteristic of the characteristics; determining, via a processor, a first score as a first value when the length of the user agent field is less than a length threshold, wherein the first value indicates that the received HTTP request is more likely to be malware; determining a second score corresponding to a second characteristic of the characteristics; adding the first score and the second score to determine a combined score; and indicating that the received HTTP request is malware when the combined score meets a threshold.
Address: Chicago IL US
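The scoring flow in claim 1, sketched as an added example that is not code from the patent or from Trustwave. The length threshold, the score values, the alert threshold and the choice of a missing Accept header as the second characteristic are all assumptions made for illustration, and the sample requests are constructed.

```python
# Added illustration of additive header scoring; every constant is an assumption.
UA_LENGTH_THRESHOLD = 20   # assumed: User-Agent values shorter than this are scored
SHORT_UA_SCORE = 3         # assumed "first value" for a short or absent User-Agent
MISSING_ACCEPT_SCORE = 2   # assumed second characteristic: no Accept header
ALERT_THRESHOLD = 5        # assumed: combined score that "meets a threshold"

def parse_headers(raw: bytes) -> dict:
    """Return header fields (lower-cased names) from a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:                                  # ignore malformed lines
            headers[name.strip().lower()] = value.strip()
    return headers

def score_request(raw: bytes) -> dict:
    """Score two header characteristics and add them, as claim 1 describes."""
    headers = parse_headers(raw)
    ua = headers.get("user-agent", "")           # absent header counts as length 0
    first = SHORT_UA_SCORE if len(ua) < UA_LENGTH_THRESHOLD else 0
    second = MISSING_ACCEPT_SCORE if "accept" not in headers else 0
    combined = first + second
    return {"ua_length": len(ua), "first": first, "second": second,
            "combined": combined, "flagged": combined >= ALERT_THRESHOLD}

# Constructed sample requests (not captured traffic).
BROWSER = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
           b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) "
           b"Gecko/20100101 Firefox/115.0\r\nAccept: text/html\r\n\r\n")
SHORT_NO_ACCEPT = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                   b"User-Agent: agent/1.0\r\n\r\n")
SHORT_WITH_ACCEPT = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                     b"User-Agent: curl/8.0\r\nAccept: */*\r\n\r\n")

if __name__ == "__main__":
    for name, req in [("browser", BROWSER), ("short, no Accept", SHORT_NO_ACCEPT),
                      ("short, with Accept", SHORT_WITH_ACCEPT)]:
        print(name, score_request(req))
```

The third sample shows why the scores are summed: a short User-Agent on its own stays under the alert threshold, so a legitimate command-line client is not flagged on that one characteristic.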