Method of and system for analysis of interaction patterns of malware with control centers for detection of cyber attack

Abstract

This technical solution relates to systems and methods of cyber attack detection, and more specifically it relates to analysis methods and systems for protocols of interaction of malware and cyber attack detection and control centers (servers). The method comprises: uploading the malware application into at least one virtual environment; collecting, by the server, a plurality of malware requests transmitted by the malware application to the malware control center; analyzing the plurality of malware requests to determine, for each given malware request: at least one malware request parameter contained therein; and an order thereof of the at least one malware request parameter. The method then groups the plurality of malware requests based on shared similar malware request parameters contained therein and order thereof and for each group of the at least one group containing at least two malware requests, generates a regular expression describing malware request parameters and order thereof of the group, which regular expression can be used as an emulator of the malware application.
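
The grouping and regular-expression step described in the abstract can be sketched as follows. This is an added example, not code from the patent or its applicant; the sample requests, the use of HTTP GET query strings with `name=value` parameters, and the three value character classes are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample requests (illustrative only, not taken from the patent).
SAMPLE_REQUESTS = [
    "http://c2.example/gate.php?id=4821&os=win7&ver=12",
    "http://c2.example/gate.php?id=77&os=win10&ver=13",
    "http://c2.example/gate.php?id=905113&os=winxp&ver=12",
    "http://c2.example/gate.php?os=win7&id=4821&ver=12",  # same names, other order
    "http://c2.example/ping?uid=ab12&t=1500000000",       # seen only once
]

def parse_request(url):
    """Return (path, [(name, raw_value), ...]) with parameter order preserved."""
    parts = urlsplit(url)
    return parts.path, [tuple(p.partition("=")[::2]) for p in parts.query.split("&")]

def value_class(values):
    """Narrowest of three character classes that covers every observed value."""
    if all(re.fullmatch(r"[0-9]*", v) for v in values):
        cls = "[0-9]"
    elif all(re.fullmatch(r"[A-Za-z0-9]*", v) for v in values):
        cls = "[A-Za-z0-9]"
    else:
        cls = "[^&]"
    lo, hi = min(map(len, values)), max(map(len, values))
    return cls + ("{%d}" % lo if lo == hi else "{%d,%d}" % (lo, hi))

def build_patterns(urls):
    """Group by (path, ordered parameter names); one regex per group of >= 2."""
    groups = defaultdict(list)
    for url in urls:
        path, params = parse_request(url)
        groups[(path, tuple(n for n, _ in params))].append(params)
    patterns = {}
    for (path, names), members in groups.items():
        if len(members) < 2:  # single requests do not yield a pattern
            continue
        fields = [re.escape(n) + "=" + value_class([m[i][1] for m in members])
                  for i, n in enumerate(names)]
        patterns[(path, names)] = re.compile(re.escape(path) + r"\?" + "&".join(fields))
    return patterns

def match_request(url, patterns):
    """Return the key of the group whose regex matches the request, else None."""
    parts = urlsplit(url)
    target = parts.path + "?" + parts.query
    return next((k for k, rx in patterns.items() if rx.fullmatch(target)), None)
```

Because the group key includes parameter order, the reordered `os, id, ver` request lands in its own single-member group and produces no pattern, which is the behaviour the abstract's "at least two malware requests" condition implies.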

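Bibliographic data

  • Publication number: US10430588B2
  • Patent type:
  • Publication date: 2019-10-01
  • Original format: PDF
  • Applicant/patentee: TRUST LTD.
  • Application number: US201715642529
  • Inventor: DMITRY ALEKSANDROVICH VOLKOV
  • Filing date: 2017-07-06
  • Classification: H04L29/06; G06F21/56; G06F21/53; G06F21/55; H04L29/08
  • Country: US
  • Database entry time: 2022-08-21 12:15:48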
