Robust representation of network traffic for detecting malware variations
US10187412B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 19, 2015 |
| Grant date | Jan 22, 2019 |
| Priority date | — |
| Expiry date | May 19, 2036 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1425
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Techniques are presented that identify malware network communications between a computing device and a server based on a cumulative feature vector generated from a group of network traffic records associated with communications between computing devices and servers. Feature vectors are generated, each vector including features extracted from the network traffic records in the group. A self-similarity matrix is computed for each feature which is a representation of the feature that is invariant to an increase or a decrease of feature values across all feature vectors in the group. Each self-similarity matrix is transformed into corresponding histograms to be invariant to a number of network traffic records in the group. The cumulative feature vector is a cumulative representation of the predefined set of features of all network traffic records included in the at least one group of network traffic records and is generated based on the corresponding histograms.
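The pipeline the abstract describes, sketched as an added example (not code from the patent or its assignee). The distance |v_i - v_j|, the fixed bin edges, the two features and the sample records are all assumptions, since the abstract names none of them.

```python
from bisect import bisect_right

# Constructed sample: one group of traffic records for a (device, server) pair.
# Assumed features per record: (url_length, bytes_received).
GROUP = [(42, 1200), (45, 1180), (44, 1250), (120, 9000)]
# Assumed bin edges per feature; bins are [0,e0), [e0,e1), [e1,inf).
EDGES = [[5, 50], [100, 1000]]


def self_similarity(values):
    """Matrix of pairwise distances |v_i - v_j| for one feature.

    Adding the same offset to every value leaves the matrix unchanged,
    which is the shift invariance the abstract asks for.
    """
    return [[abs(a - b) for b in values] for a in values]


def histogram(matrix, edges):
    """Normalised histogram over all matrix entries.

    Dividing by the entry count gives a fixed-length output whatever the
    number of records in the group.
    """
    counts = [0] * (len(edges) + 1)
    total = 0
    for row in matrix:
        for dist in row:
            counts[bisect_right(edges, dist)] += 1
            total += 1
    return [c / total for c in counts]


def cumulative_vector(records, edges_per_feature):
    """Concatenate the per-feature histograms into one group descriptor."""
    vector = []
    for k, edges in enumerate(edges_per_feature):
        values = [rec[k] for rec in records]
        vector.extend(histogram(self_similarity(values), edges))
    return vector


if __name__ == "__main__":
    print(cumulative_vector(GROUP, EDGES))
    # A variant that shifts every value (e.g. longer URLs, padded responses)
    shifted = [(u + 300, b + 5000) for u, b in GROUP]
    print(cumulative_vector(shifted, EDGES))
```

A classifier trained on such vectors sees the same input for the original group, the shifted variant, and a group with every record repeated, which is the robustness to malware variations the title refers to.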
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.