Patent title: BEHAVIORAL DETECTION OF MALWARE AGENTS
Inventors: MONDIGUING, Stephen; CRUZ, Benjamin
Application number: EP15843535.4
Filing date: 20150825
Publication number: EP3198800A1
Publication date: 20170802
Abstract: In an example, a detection engine identifies potential malware objects according to behavior. In order to circumvent blacklists and fingerprint-based detection, a malware server may frequently change domain names, and change the fingerprints of distributed malware agents. A malware agent may perform only an initial DNS lookup, and thereafter communicate with the malware command-and-control server via “naked” HTTP packets using the raw IP address of the server. The detection engine identifies malware agents by this behavior. In one example, if an executable object makes repeated HTTP requests to an address after the DNS lookup “time to live” has expired, the object may be flagged as potential malware.
Applicant: McAfee, Inc.
Address: 2821 Mission College Blvd. Santa Clara, CA 95054 US
Nationality: US
Representative: Maiwald Patentanwalts GmbH
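
The heuristic described in the abstract (repeated HTTP requests to an address after the DNS answer's time to live has expired), written out as an added example that is not taken from the patent or from McAfee code. The event tuple layout, process names, sample addresses and the threshold of 3 are assumptions constructed for illustration.

```python
# Constructed sample telemetry (not from the patent).
# "dns"  events: (time_s, process, "dns", name, resolved_ip, ttl_s)
# "http" events: (time_s, process, "http", dst_ip)
EVENTS = [
    (0,   "updater.exe", "dns",  "cdn.example.test", "192.0.2.10", 300),
    (10,  "updater.exe", "http", "192.0.2.10"),
    (290, "updater.exe", "dns",  "cdn.example.test", "192.0.2.10", 300),  # re-resolves
    (400, "updater.exe", "http", "192.0.2.10"),
    (0,   "agent.exe",   "dns",  "a1b2.example.test", "198.51.100.7", 60),
    (5,   "agent.exe",   "http", "198.51.100.7"),
    (120, "agent.exe",   "http", "198.51.100.7"),  # TTL expired, no new lookup
    (240, "agent.exe",   "http", "198.51.100.7"),
    (360, "agent.exe",   "http", "198.51.100.7"),
]


def flag_stale_ip_talkers(events, threshold=3):
    """Return {process: {ip: count}} for processes that sent at least
    `threshold` HTTP requests to an IP after the TTL of their most recent
    DNS answer for that IP had expired. `threshold` is an assumed tunable."""
    expiry = {}  # (process, ip) -> time at which the last DNS answer expires
    stale = {}   # (process, ip) -> number of HTTP requests sent after expiry
    for ev in sorted(events, key=lambda e: e[0]):
        t, proc, kind = ev[0], ev[1], ev[2]
        if kind == "dns":
            ip, ttl = ev[4], ev[5]
            expiry[(proc, ip)] = t + ttl  # a fresh lookup renews the window
        elif kind == "http":
            ip = ev[3]
            exp = expiry.get((proc, ip))
            # Only addresses this process resolved earlier are considered;
            # traffic to an IP with no lookup at all is ignored here.
            if exp is not None and t > exp:
                stale[(proc, ip)] = stale.get((proc, ip), 0) + 1
    flagged = {}
    for (proc, ip), count in stale.items():
        if count >= threshold:
            flagged.setdefault(proc, {})[ip] = count
    return flagged


if __name__ == "__main__":
    print(flag_stale_ip_talkers(EVENTS))
```

The process that re-resolves its hostname before the TTL runs out is not flagged; the one that keeps using the stale address is.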