专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明专利

NL2031466A System and method for active detection of malicious network resources 未知
公开(公告)号：NL2031466A
公开(公告)日：2022-12-19
申请号：NL2031466
申请日：2022-03-31
申请人： GROUP IB TDS LTD
发明人： DMITRY VOLKOV , NIKOLAY PRUDKOVSKIY
IPC分类号： H04L9/40
摘要： The technique relates to the ﬁeld of information security. A computer-implementable method for active detection of malicious network resources, the method being executable by a distributed computer system, the method comprising receiving an outbound infrastructure trafﬁc, detecting at least one suspicious external IP address in the outbound trafﬁc, scanning at least one suspicious device located on detected at least one suspicious IP address, and obtaining a list of services running on the suspicious device, sending detected at least one suspicious IP address and the obtained list of services to an external computing device, comparing the obtained list of services with a data on known malicious services, and in response to a coincidence of at least one service from the obtained service list with the data on known malicious services considering the suspicious device, located on at least one suspicious IP address, to be malicious and generating at least one report on detection of malicious activity in the infrastructure. In response to absence of coincidences of services from the obtained service list with the data on known malicious services, computing an interval of ownership of at least one suspicious IP address, and in response to the fact that the computed duration of the ownership interval is less than a threshold value, considering the suspicious device, located on at least one suspicious IP address, to be malicious and generating at least one report on detection of malicious activity in the infrastructure.

IPRDB

热门服务

关于我们

友情链接

联系方式