    • 1. Invention patent
    • System and method for active detection of malicious network resources
    • NL2031466A
    • 2022-12-19
    • NL2031466
    • 2022-03-31
    • GROUP IB TDS LTD
    • DMITRY VOLKOV; NIKOLAY PRUDKOVSKIY
    • H04L9/40
    • The technique relates to the field of information security. A computer-implementable method for active detection of malicious network resources, executable by a distributed computer system, comprises: receiving outbound infrastructure traffic; detecting at least one suspicious external IP address in the outbound traffic; scanning at least one suspicious device located at the detected at least one suspicious IP address and obtaining a list of services running on the suspicious device; sending the detected at least one suspicious IP address and the obtained list of services to an external computing device; comparing the obtained list of services with data on known malicious services; and, in response to a match of at least one service from the obtained service list with the data on known malicious services, considering the suspicious device located at the at least one suspicious IP address to be malicious and generating at least one report on detection of malicious activity in the infrastructure. In response to the absence of matches between services from the obtained service list and the data on known malicious services, the method computes an interval of ownership of the at least one suspicious IP address and, in response to the computed duration of the ownership interval being less than a threshold value, considers the suspicious device located at the at least one suspicious IP address to be malicious and generates at least one report on detection of malicious activity in the infrastructure.