Methods and systems for prioritizing the monitoring of malicious uniform resource locators for new malware variants

摘要

A computer-implemented method for prioritizing the monitoring of malicious uniform resource locators for new malware variants may comprise: 1) identifying at least one malicious uniform resource locator, 2) collecting priority information relating to the malicious uniform resource locator, wherein the priority information comprises information relevant to prioritizing monitoring of the malicious uniform resource locator for new malware variants, 3) determining, based on the priority information, a monitoring-priority level for the malicious uniform resource locator, and then 4) allocating, based on the monitoring-priority level, a monitoring resource for monitoring the malicious uniform resource locator. Various other methods, systems, and computer-readable media are also disclosed.

主权项

1. A computer-implemented method for prioritizing the monitoring of malicious uniform resource locators for new malware variants, the method comprising:
identifying a plurality of malicious uniform resource locators, wherein each malicious uniform resource locator within the malicious uniform resource locators has previously pointed to a corresponding malware sample; collecting priority information for each of the malicious uniform resource locators to determine a non-zero and non-one probability that each of the malicious uniform resource locators will point to a new malware sample that is distinct from the corresponding malware sample previously pointed to by the malicious uniform resource locator; assigning a monitoring-priority level to each malicious uniform resource locator that monotonically increases with the probability that the malicious uniform resource locator will point to a new malware sample that is distinct from the corresponding malware sample previously pointed to by the malicious uniform resource locator, wherein assigning the monitoring-priority level optionally comprises modifying the monitoring-priority level with a manual-adjustment number; allocating an amount of monitoring resources for monitoring the malicious uniform resource locator for new malware samples based on the monitoring-priority level; monitoring each malicious uniform resource locator for new malware samples using the amount of monitoring resources allocated for monitoring the malicious uniform resource locator based on the monitoring-priority level, wherein at least one lower-priority malicious uniform resource locator within the malicious uniform resource locators is monitored for new malware samples using an amount of monitoring resources that is less than an amount of monitoring resources allocated to monitoring a higher-priority malicious uniform resource locator within the malicious uniform resource locators.