首页>
外国专利>
DETECTING MALICIOUS BEACONING COMMUNITIES USING LOCKSTEP DETECTION AND CO-OCCURRENCE GRAPH
DETECTING MALICIOUS BEACONING COMMUNITIES USING LOCKSTEP DETECTION AND CO-OCCURRENCE GRAPH
展开▼
机译:使用LOCKSTEP检测和同现图检测恶意信标社区
展开▼
页面导航
摘要
著录项
相似文献
摘要
A computer-implemented method (and apparatus) includes receiving input data comprising bipartite graph data in a format of source MAC (Machine Access Code) data versus destination IP (Internet Protocol) data and timestamp information. The input bipartite graph data is provided into a first processing to detect malicious beaconing activities using a lockstep detection method on the input bipartite graph data to detect possible synchronized attacks against a targeted infrastructure. The input bipartite graph data is also provided into a second processing, the second processing initially converting the bipartite graph data into a co-occurrence graph format that indicates in a graph format how devices in the targeted infrastructure communicate with different external destination servers over time. The second processing detects malicious beaconing activities by analyzing data exchanges with the external destination servers to detect anomalies.
展开▼