Finding command and control center computers by communication link tracking
US9060018B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 5, 2014 |
| Grant date | Jun 16, 2015 |
| Priority date | — |
| Expiry date | Feb 5, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L67/303
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying malware attacks collect data traffic information. A system receives data traffic information indicative of communications between computers within a network and computers external to the network. The system parses the data traffic information to identify communication links between the computers within the network and computers external to the network. The system can generate communication link profiles for each of the computers within the network. The system can then group computers within the network into computer clusters based on similarities between the communication link profiles for each computer. The system can identify computer clusters having anomalous communication patterns as being indicative of a malware attack.
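The pipeline the abstract outlines (parse links, build per-host link profiles, cluster by profile similarity, flag anomalous clusters) can be sketched as follows. This is an added example, not code from the patent. The Jaccard metric, the 0.5 threshold, single-linkage grouping, the "minority cluster sharing an exclusive external peer" anomaly rule, and all host names are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed (internal host, external host) flow records; not real data.
NORMAL = ("10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5")
ODD = ("10.0.0.7", "10.0.0.8", "10.0.0.9")
FLOWS = ([(h, e) for h in NORMAL for e in ("cdn.example.com", "mail.example.com")]
         + [(h, e) for h in ODD for e in ("c2.example.net", "drop.example.net")]
         + [("10.0.0.3", "news.example.org"), ("10.0.0.7", "cdn.example.com")])

def link_profiles(flows):
    """Map each internal host to the set of external hosts it communicated with."""
    profiles = defaultdict(set)
    for internal, external in flows:
        profiles[internal].add(external)
    return dict(profiles)

def jaccard(a, b):
    """Profile similarity (assumed metric): shared peers / all peers."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster_hosts(profiles, threshold=0.5):
    """Single-linkage clustering via union-find over pairwise similarity."""
    parent = {h: h for h in profiles}
    def find(h):
        while parent[h] != h:
            h = parent[h]
        return h
    hosts = sorted(profiles)
    for i, a in enumerate(hosts):
        for b in hosts[i + 1:]:
            if jaccard(profiles[a], profiles[b]) >= threshold:
                parent[find(a)] = find(b)
    clusters = defaultdict(set)
    for h in hosts:
        clusters[find(h)].add(h)
    return sorted(clusters.values(), key=sorted)

def anomalous_clusters(profiles, clusters, min_size=2, max_fraction=0.5):
    """Assumed heuristic: a minority cluster of >= min_size hosts that all
    share an external peer contacted by no host outside the cluster."""
    flagged = []
    for cluster in clusters:
        shared = set.intersection(*(profiles[h] for h in cluster))
        outside = set().union(*(profiles[h] for h in profiles if h not in cluster))
        minority = len(cluster) / len(profiles) < max_fraction
        if len(cluster) >= min_size and minority and shared - outside:
            flagged.append((sorted(cluster), sorted(shared - outside)))
    return flagged
```

On the constructed flows, the three hosts that share two external peers nobody else contacts form their own cluster and are the only group flagged, even though one of them also talks to a common CDN.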
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.