Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery

Files
9888030.pdf (1.31 MB)
Downloads: 149
TR Number
Date
2018-02-06
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
United States Patent and Trademark Office
Abstract

A computer system for distinguishing user-initiated network traffic from malware-initiated network traffic comprising at least one central processing unit (CPU) and a memory communicatively coupled to the CPU. The memory includes a program code executable by the CPU to monitor individual network events to determine for an individual network event whether the event has a legitimate root-trigger. Malware-initiated traffic is identified as an individual network event that does not have a legitimate root-trigger.

Description
Keywords
Citation