DETECTING MALICIOUS BEACONING COMMUNITIES USING LOCKSTEP DETECTION AND CO-OCCURRENCE GRAPH

Abstract

A computer-implemented method (and apparatus) includes receiving input data comprising bipartite graph data in a format of source MAC (Machine Access Code) data versus destination IP (Internet Protocol) data and timestamp information. The input bipartite graph data is provided into a first processing to detect malicious beaconing activities using a lockstep detection method on the input bipartite graph data to detect possible synchronized attacks against a targeted infrastructure. The input bipartite graph data is also provided into a second processing, the second processing initially converting the bipartite graph data into a co-occurrence graph format that indicates in a graph format how devices in the targeted infrastructure communicate with different external destination servers over time. The second processing detects malicious beaconing activities by analyzing data exchanges with the external destination servers to detect anomalies.