Title: Method and system for network-based detecting of malware from behavioral clustering
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Publication number: US8826438(B2)    Publication date: 2014.09.02
Application number: US201113008257    Filing date: 2011.01.18
Applicant: Damballa, Inc.    Inventors: Perdisci Roberto; Lee Wenke; Ollmann Gunter
Classification: H04L29/06; G06F21/56    Main classification: H04L29/06
Agent: DLA Piper LLP US    Attorney: DLA Piper LLP US
Main claim: 1. A computerized method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering, using at least one processing device, the malware samples into at least one coarse-grain cluster based on network behavioral information measured from content of the HTTP traffic; splitting, using the at least one processing device, the at least one coarse-grain cluster into at least two fine-grain clusters; clustering, using the at least one processing device, the at least two fine-grain clusters into merged clusters; and extracting, using the at least one processing device, network signatures from the HTTP traffic information for each merged cluster, the network signatures being indicative of malware infection.
Address: Atlanta GA US
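The four stages of claim 1 (coarse-grain clustering on HTTP statistics, fine-grain splitting on request content, merging of fine-grain clusters, signature extraction per merged cluster) as an added, runnable illustration. This is not Damballa's code or the patent's embodiment: the feature set, the single-linkage clustering with Jaccard and scaled-Euclidean distances, the thresholds, and the seven sample traces are all assumptions chosen to show how over-splitting in the fine-grain stage is repaired by the merge stage before signatures are generalised with wildcards.

```python
"""Illustrative pipeline in the shape of claim 1 (added example, not the
patentee's code).  Features, distances, thresholds and traces are assumed."""
from itertools import combinations
from statistics import mean
from urllib.parse import parse_qs, urlsplit

# Constructed traces (sample id -> list of (method, url, request_body_bytes)),
# standing in for HTTP traffic captured while each sample ran in a sandbox.
TRACES = {
    "s1": [("GET", "/gate.php?id=1a2b&cmd=ping", 0), ("GET", "/gate.php?id=1a2b&cmd=tasks", 0)],
    "s2": [("GET", "/gate.php?id=9f8e&cmd=ping", 0), ("GET", "/gate.php?id=9f8e&cmd=tasks", 0)],
    "s3": [("GET", "/gate.php?id=77aa&cmd=ping", 0)],
    "s4": [("POST", "/upload.php?sid=55", 4096), ("POST", "/upload.php?sid=55", 8192)],
    "s5": [("POST", "/upload.php?sid=91", 2048), ("POST", "/upload.php?sid=91", 4096)],
    "s6": [("GET", "/index.html", 0)],
    "s7": [("GET", "/stat.php?uid=4455&v=2", 0), ("GET", "/stat.php?uid=4455&v=2", 0)],
}


def link_clusters(items, dist, threshold):
    """Single-linkage agglomeration: items whose distance is <= threshold share a cluster."""
    parent = {i: i for i in items}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(items, 2):
        if dist(a, b) <= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for i in items:
        groups.setdefault(find(i), []).append(i)
    return sorted(sorted(g) for g in groups.values())


def coarse_features(reqs):
    """Content-agnostic statistics of one trace (assumed feature set): GET count,
    POST count, mean URL length, mean parameter count, mean body size."""
    urls = [u for _, u, _ in reqs]
    return (sum(m == "GET" for m, _, _ in reqs), sum(m == "POST" for m, _, _ in reqs),
            mean(len(u) for u in urls), mean(len(parse_qs(urlsplit(u).query)) for u in urls),
            mean(b for _, _, b in reqs))


def coarse_distance(feats):
    """Euclidean distance after scaling each feature by its maximum over all samples."""
    scale = [max(f[k] for f in feats.values()) or 1.0 for k in range(5)]
    return lambda a, b: sum(((x - y) / s) ** 2 for x, y, s in zip(feats[a], feats[b], scale)) ** 0.5


def tokens(reqs, keep_values):
    """Structural tokens of a trace: method, path, and name=value pairs or bare names."""
    toks = set()
    for method, url, _ in reqs:
        parts = urlsplit(url)
        toks.update({method, parts.path})
        for name, values in parse_qs(parts.query).items():
            if keep_values:
                toks.update(f"{name}={v}" for v in values)
            else:
                toks.add(name)
    return toks


def jaccard_distance(a, b):
    return 0.0 if not (a | b) else 1.0 - len(a & b) / len(a | b)


def cluster_traces(traces, coarse_t=0.6, fine_t=0.4, merge_t=0.2):
    """Return (coarse, fine, merged) partitions of the sample ids."""
    ids = sorted(traces)
    feats = {i: coarse_features(traces[i]) for i in ids}
    coarse = link_clusters(ids, coarse_distance(feats), coarse_t)
    fine = []
    for group in coarse:  # split each coarse cluster on exact request content
        toks = {i: tokens(traces[i], keep_values=True) for i in group}
        fine.extend(link_clusters(group, lambda a, b: jaccard_distance(toks[a], toks[b]), fine_t))
    # merge fine clusters whose value-free skeletons agree (over-split variants of one family)
    skel = [set.intersection(*(tokens(traces[i], keep_values=False) for i in c)) for c in fine]
    meta = link_clusters(list(range(len(fine))), lambda a, b: jaccard_distance(skel[a], skel[b]), merge_t)
    merged = sorted(sorted(i for k in grp for i in fine[k]) for grp in meta)
    return coarse, fine, merged


def extract_signature(traces, members):
    """Request shapes every member issues; a parameter keeps its literal value only
    when all members agree on a single value, otherwise it becomes a '*' wildcard."""
    shapes = []
    for i in members:
        per = {}
        for method, url, _ in traces[i]:
            parts = urlsplit(url)
            params = per.setdefault((method, parts.path), {})
            for name, values in parse_qs(parts.query).items():
                params.setdefault(name, set()).update(values)
        shapes.append(per)
    sigs = []
    for key in sorted(set.intersection(*(set(s) for s in shapes))):
        names = set.intersection(*(set(s[key]) for s in shapes))
        fields = []
        for name in sorted(names):
            vals = set.union(*(s[key][name] for s in shapes))
            fields.append(f"{name}={vals.pop() if len(vals) == 1 else '*'}")
        sigs.append(f"{key[0]} {key[1]}" + (f"?{'&'.join(fields)}" if fields else ""))
    return sigs


def signatures(traces):
    """Run the whole pipeline and return {cluster members: signature list}."""
    return {tuple(c): extract_signature(traces, c) for c in cluster_traces(traces)[2]}


if __name__ == "__main__":
    for members, sig in signatures(TRACES).items():
        print(members, sig)
```

With the constructed traces, the coarse stage groups s7 (a different family with similar request statistics) with s1–s3, the fine stage separates s7 but also over-splits s3 from s1/s2 and s4 from s5 because their parameter values differ, and the merge stage rejoins the over-split clusters on their value-free skeletons. The resulting signatures wildcard the per-infection identifiers (`id`, `sid`) while keeping the path, which is the kind of generalisation a network signature needs to match other infections of the same family; a cluster of a single sample (s7) yields a literal signature that a practitioner would treat as too specific to deploy.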