-
公开(公告)号:US20180198805A1
公开(公告)日:2018-07-12
申请号:US15400389
申请日:2017-01-06
发明人: Martin VEJMAN , Lukas MACHLICA
CPC分类号: H04L63/1416 , G06N5/022 , G06N7/005 , G06N20/00 , H04L61/1511 , H04L63/14 , H04L63/1425 , H04L63/1441 , H04L2463/146
摘要: Systems described herein preemptively detect newly registered network domains that are likely to be malicious before network behavior of the domains is actually observed. A network security device (e.g., a router) receives domain registration data that associates network domains with keys and generating a graph representing the domain registration data. Each edge of the graph connects a vertex representing a domain and a vertex representing a registration attribute (e.g., a registrant email address). The network security device identifies a connected component of the graph that meets a graph robustness threshold. The network security device determines whether a domain of the connected component whose behavior has not yet been observed is malicious using a predictive model based on existing maliciousness labels for other domains of the connected component.
搜索结果
1 条记录 (耗时 0.012 秒)
筛选
AND
AND
过滤
NOT
NOT
扫码加群
