| Field | Value |
|---|---|
| Title of invention | Method and system for network-based detecting of malware from behavioral clustering |
| Abstract | A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection. |
| Publication number | US8826438(B2) |
| Publication date | 2014.09.02 |
| Application number | US201113008257 |
| Filing date | 2011.01.18 |
| Applicant | Damballa, Inc. |
| Inventors | Perdisci Roberto; Lee Wenke; Ollmann Gunter |
| Classification | H04L29/06; G06F21/56 |
| Main classification | H04L29/06 |
| Agency | DLA Piper LLP US |
| Agent | DLA Piper LLP US |
| Independent claim | 1. A computerized method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering, using at least one processing device, the malware samples into at least one coarse-grain cluster based on network behavioral information measured from content of the HTTP traffic; splitting, using the at least one processing device, the at least one coarse-grain cluster into at least two fine-grain clusters; clustering, using the at least one processing device, the at least two fine-grain clusters into merged clusters; and extracting, using the at least one processing device, network signatures from the HTTP traffic information for each merged cluster, the network signatures being indicative of malware infection. |
| Address | Atlanta GA US |