Detection of malicious C2 channels abusing social media sites
US11425162B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 1, 2020 |
| Grant date | Aug 23, 2022 |
| Priority date | — |
| Expiry date | Dec 25, 2040 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1466
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Methods, apparatuses and computer program products implement embodiments of the present invention that include protecting a computing device by specifying one or more Internet sites that are accessible by one or more computing devices that communicate over a data network and identifying process binaries that executed on the computing devices accessed and retrieved data from any of the specified one more Internet sites. The identified process binaries are classified into a plurality of classes of matching process binaries, and for a given class, a count of the computing devices that that executed one of the process binaries of the given class is computed. When determining that the count of the computing devices is less than a predefined threshold, a preventive action is initiated to inhibit command and control (C2) channel transmissions from any of the computing devices that executed any of the process binaries of the given class.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.