Software network behavior analysis and identification system

摘要

A particular method includes detecting, at a detection module, an indicator corresponding to a suspicious software component, where the indicator is detected based on monitored network data of a network system and based on a plurality of network behavior profiles. At least one of the network behavior profiles includes an ordered sequence of network actions. The method further includes determining, at an identification module, whether the indicator corresponds to any of the plurality of network behavior profiles. The method further includes generating output data in response to a determination that the indicator corresponds to a particular network behavior profile of the plurality of network behavior profiles.