Patent · US Active

Gateway apparatus, detecting method of malicious domain and hacked host thereof, and non-transitory computer readable medium

US10574695B2 · kind B2 · utility

Cited by: 3
References: 16
Claims: 6
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 3, 2017
Grant date: Feb 25, 2020
Priority date
Expiry date: Mar 28, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/146
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A gateway apparatus, a detecting method of malicious domain and hacked host thereof, and a non-transitory computer readable medium are provided. The detecting method includes the following steps: capturing network traffic, and parsing traces and channels from the network traffic. Each channel is related to a link between a domain and an Internet Protocol (IP) address, and each trace is related to an HTTP request sent from the IP address to the domain. Then, a trace-channel behavior graph is established. A malicious degree model is trained based on the trace-channel behavior graph and threat intelligence. Accordingly, a malicious degree of an unknown channel can be determined, thereby providing a detecting method with high precision.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.