-
Publication (Announcement) No.: US09602525B2
Publication (Announcement) Date: 2017-03-21
Application No.: US14633805
Application Date: 2015-02-27
Applicant: Cisco Technology, Inc.
Inventor: Jiang Qian, Adam J. O'Donnell, Paul Frank, Patrick Mullen
CPC classification number: H04L63/1425, H04L63/1433, H04L63/1466
Abstract: Techniques are presented herein that combine a host-based analysis of an executable file on a host computer with a network-based analysis, i.e., an analysis of domain names to detect malware generated domain names that are used by the malicious executable files to establish malicious network connections. A server receives information from a host computer about an executable file that, when executed on the host computer, initiates a network connection. The server also receives information about the network connection itself. The server analyzes the information about the executable file to determine whether the executable file has a malicious disposition. Depending on a disposition of the executable file, the server analyzes the information about the network connection and determines whether the network connection is malicious.
-
Publication (Announcement) No.: US20160255107A1
Publication (Announcement) Date: 2016-09-01
Application No.: US14633805
Application Date: 2015-02-27
Applicant: Cisco Technology, Inc.
Inventor: Jiang Qian, Adam J. O'Donnell, Paul Frank, Patrick Mullen
IPC: H04L29/06
CPC classification number: H04L63/1425, H04L63/1433, H04L63/1466
Abstract: Techniques are presented herein that combine a host-based analysis of an executable file on a host computer with a network-based analysis, i.e., an analysis of domain names to detect malware generated domain names that are used by the malicious executable files to establish malicious network connections. A server receives information from a host computer about an executable file that, when executed on the host computer, initiates a network connection. The server also receives information about the network connection itself. The server analyzes the information about the executable file to determine whether the executable file has a malicious disposition. Depending on a disposition of the executable file, the server analyzes the information about the network connection and determines whether the network connection is malicious.
-