Patent · US Active

Systematic mining of associated server herds for uncovering malware and attack campaigns

US9088598B1 · kind B1 · utility

Cited by: 131
References: 2
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 14, 2013
Grant date: Jul 21, 2015
Priority date:
Expiry date: Jan 16, 2034

Classification

  • Technology area (CPC H)Electricity
  • CPC primaryH04L63/1408
  • WIPO fieldDigital communication
  • WIPO sectorElectrical engineering

Abstract

A method for detecting malicious servers. The method includes analyzing network traffic data to generate a main similarity measure and a secondary similarity measure for each server pair found in the network traffic data, extracting a main subset and a secondary subset of servers based on the main similarity measure and the secondary similarity measure, identifying a server that belongs to the main subset and the secondary subset, and determining a suspicious score of the server based on at least a first similarity density measure of the main subset, a second similarity density measure of the secondary subset, and a commonality measure of the main subset and the secondary subset.
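The following is an added worked example of the pipeline the abstract describes, not code from the patent or its assignee. The abstract does not say how the similarity, density or commonality measures are computed; the choices below (main similarity = Jaccard of client sets per server pair, secondary similarity = Jaccard of active-hour sets, subsets = connected components over pairs above a threshold, density = mean pairwise similarity inside a subset, commonality = Jaccard of the two subsets' membership, score = product of the three) are assumptions made for illustration. The traffic records are constructed.

```python
"""Worked example of the abstract's pipeline: per-pair similarities, subset
extraction, density/commonality measures and a suspicious score.
Added illustration, not code from the patent. The concrete similarity,
density and commonality definitions are assumptions chosen for the example."""
from collections import defaultdict
from itertools import combinations

# Constructed sample traffic, not real data: (client_ip, server, hour_of_day).
# s1..s3 form a "herd": the same clients talk to all three in the same hours.
FLOWS = [
    ("10.0.0.1", "s1", 2), ("10.0.0.2", "s1", 2), ("10.0.0.3", "s1", 3),
    ("10.0.0.1", "s2", 2), ("10.0.0.2", "s2", 3), ("10.0.0.3", "s2", 3),
    ("10.0.0.1", "s3", 2), ("10.0.0.2", "s3", 2), ("10.0.0.4", "s3", 3),
    ("10.0.0.5", "s4", 14), ("10.0.0.6", "s4", 15),
    ("10.0.0.7", "s5", 14), ("10.0.0.8", "s5", 16),
    ("10.0.0.5", "s6", 9), ("10.0.0.9", "s6", 10),
]


def jaccard(a, b):
    """Jaccard index of two sets; 0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def pair_similarities(flows):
    """Main similarity (assumed: Jaccard of client sets) and secondary
    similarity (assumed: Jaccard of active-hour sets) for every server pair."""
    clients, hours = defaultdict(set), defaultdict(set)
    for client, server, hour in flows:
        clients[server].add(client)
        hours[server].add(hour)
    sims = {}
    for a, b in combinations(sorted(clients), 2):
        sims[(a, b)] = (jaccard(clients[a], clients[b]), jaccard(hours[a], hours[b]))
    return sims


def extract_subsets(sims, idx, threshold):
    """Group servers into connected components over pairs whose similarity
    idx (0 = main, 1 = secondary) is >= threshold. Servers with no qualifying
    pair never enter the adjacency map, so only subsets of 2+ servers result."""
    adj = defaultdict(set)
    for (a, b), s in sims.items():
        if s[idx] >= threshold:
            adj[a].add(b)
            adj[b].add(a)
    seen, subsets = set(), []
    for start in sorted(adj):
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node not in comp:
                comp.add(node)
                stack.extend(adj[node] - comp)
        seen |= comp
        subsets.append(frozenset(comp))
    return subsets


def density(subset, sims, idx):
    """Assumed density measure: mean pairwise similarity inside the subset."""
    pairs = list(combinations(sorted(subset), 2))
    return sum(sims[p][idx] for p in pairs) / len(pairs)


def suspicious_scores(flows, main_threshold=0.3, secondary_threshold=0.3):
    """Score each server found in both a main and a secondary subset as
    main density * secondary density * commonality (assumed: Jaccard of the
    two subsets' membership). A server in several such pairs keeps its max."""
    sims = pair_similarities(flows)
    main_subsets = extract_subsets(sims, 0, main_threshold)
    secondary_subsets = extract_subsets(sims, 1, secondary_threshold)
    scores = {}
    for main in main_subsets:
        for secondary in secondary_subsets:
            shared = main & secondary
            if not shared:
                continue
            score = (density(main, sims, 0) * density(secondary, sims, 1)
                     * jaccard(main, secondary))
            for server in shared:
                scores[server] = max(scores.get(server, 0.0), score)
    return scores


if __name__ == "__main__":
    ranked = sorted(suspicious_scores(FLOWS).items(), key=lambda kv: -kv[1])
    for server, score in ranked:
        print(f"{server}: {score:.3f}")
```

On this input s1, s2 and s3 share clients and hours and score 0.667; s4 sits in a main subset with s6 (one shared client) but in a secondary subset with s5 (one shared hour), so its commonality measure is only 1/3 and its score drops to 1/27. s5 and s6 each fall into a single subset only and receive no score. Thresholds and measure definitions are the knobs a practitioner would tune against labelled traffic; the abstract itself fixes none of them.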

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.