System and method of detecting malware with an algorithm generating domain names and systems contaminated with such malicious programs
Abstract
Systems and methods for detecting domain generation algorithms (DGAs) and their command and control (C&C) servers are disclosed. In one embodiment, the approach examines DNS queries for DNS resolution failures and monitors a set of parameters, such as number of levels, length of domain name, lexical complexity, and the like, for each failed domain. These parameters may then be compared against certain thresholds to determine whether the domain name is likely to be part of a DGA malware. Domain names identified as being part of a DGA malware may then be grouped together. Once a DGA domain name has been identified, activity from that domain name can be monitored to detect successful resolutions from the same source and to see whether any of the successfully resolved domains match these parameters. If they match specific thresholds, the domain is determined to be a C&C server of the DGA malware and may be identified as such.
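The flow in the abstract, sketched as an added example that is not code from the patent: failed lookups are scored, grouped per source, and resolved names from a flagged source become C&C candidates. The threshold values, the direction of each comparison, the use of Shannon entropy for "lexical complexity", and the names `features`, `looks_generated`, `detect` and `SAMPLE` are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Assumed thresholds: the abstract names the parameters but gives no values.
MAX_LEVELS = 3      # number of labels in the name
MIN_LENGTH = 12     # characters in the leftmost label
MIN_ENTROPY = 3.0   # bits per character, a stand-in for "lexical complexity"
MIN_FAILURES = 3    # distinct failed DGA-like names before a source is flagged

def features(domain):
    """Return (levels, leftmost-label length, Shannon entropy of that label)."""
    labels = domain.rstrip(".").lower().split(".")
    first = labels[0]
    counts = Counter(first)
    entropy = -sum(n / len(first) * math.log2(n / len(first)) for n in counts.values())
    return len(labels), len(first), entropy

def looks_generated(domain):
    levels, length, entropy = features(domain)
    return levels <= MAX_LEVELS and length >= MIN_LENGTH and entropy >= MIN_ENTROPY

def detect(records):
    """records: (source, domain, rcode) tuples from one observation window."""
    failed, resolved = defaultdict(set), defaultdict(set)
    for src, domain, rcode in records:
        if not looks_generated(domain):
            continue
        if rcode == "NXDOMAIN":      # resolution failure: DGA evidence
            failed[src].add(domain)
        elif rcode == "NOERROR":     # successful resolution: C&C candidate
            resolved[src].add(domain)
    # A resolved name is reported only for a source that also produced
    # enough failed DGA-like lookups.
    return {src: {"dga_names": names, "likely_c2": resolved[src]}
            for src, names in failed.items() if len(names) >= MIN_FAILURES}

# Constructed sample records (documentation addresses, reserved .example TLD).
SAMPLE = [
    ("192.0.2.10", "qz7x1kvb9tplw3.example", "NXDOMAIN"),
    ("192.0.2.10", "m4hd8yrc2jfn6s.example", "NXDOMAIN"),
    ("192.0.2.10", "www.example.com", "NOERROR"),
    ("192.0.2.10", "p9wb3tkz5vqx1g.example", "NXDOMAIN"),
    ("192.0.2.10", "h2ny6cfr8dmj4s.example", "NOERROR"),
    ("192.0.2.20", "exmaple.com", "NXDOMAIN"),
    ("192.0.2.20", "mail.example.org", "NOERROR"),
]

if __name__ == "__main__":
    for src, hit in detect(SAMPLE).items():
        print(src, sorted(hit["dga_names"]), sorted(hit["likely_c2"]))
```

Entropy over a single label flags any long random-looking name, so in practice the thresholds need tuning against known-benign traffic such as CDN and telemetry hostnames.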