Identifying malicious executables by analyzing proxy logs

  • US 9,992,216 B2
  • Filed: 02/10/2016
  • Issued: 06/05/2018
  • Est. Priority Date: 02/10/2016
  • Status: Active Grant
First Claim

1. A method comprising:

    at a server having connectivity to the Internet, retrieving sets of proxy logs from a plurality of proxy servers, wherein each proxy server of the plurality of proxy servers is associated with a network and generates network traffic logs for one or more nodes included in the network;

    determining a set of executables, including malicious and non-malicious executables, hosted by each of the one or more nodes associated with each proxy server of the plurality of proxy servers;

    selecting a specific executable from the set of executables for analysis;

    analyzing the set of executables hosted by each of the one or more nodes associated with each proxy server of the plurality of proxy servers to detect the specific executable;

    determining a group of nodes that each host the specific executable;

    identifying similar portions of network traffic logs of the nodes in the group;

    identifying portions of each of the network traffic logs that are associated with the specific executable by comparing the similar portions of the network traffic logs of the nodes in the group to the network traffic logs of the nodes not in the group, wherein the similar portions of the network traffic logs that are dissimilar from the network traffic logs of the nodes not in the group comprise the portions of the network traffic logs that are associated with the specific executable;

    determining that the specific executable is malicious when the identified portions of each of the network traffic logs include indicators of compromise indicative of maliciousness; and

    generating an alert indicating that the portions of each of the network traffic logs associated with the specific executable are malicious.
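
The differential comparison in claim 1, sketched as an added example (not code from the patent or its assignee). It assumes a "portion" of a traffic log is a destination host, that "similar" means contacted by every node in the group, and that `IOC_HOSTS` is a hypothetical indicator list; all node names, executables and hosts are constructed sample data.

```python
from collections import Counter

# Constructed sample data (not from the patent): executables hosted per node
# and destination hosts seen in each node's proxy log.
EXECUTABLES = {
    "node-a": {"updater.exe", "browser.exe"},
    "node-b": {"updater.exe", "mail.exe"},
    "node-c": {"updater.exe", "browser.exe"},
    "node-d": {"browser.exe", "mail.exe"},
    "node-e": {"mail.exe"},
}
PROXY_LOGS = {
    "node-a": ["news.example", "cdn.example", "c2.bad.example", "upd.vendor.example"],
    "node-b": ["mail.example", "cdn.example", "c2.bad.example", "upd.vendor.example"],
    "node-c": ["news.example", "cdn.example", "c2.bad.example", "upd.vendor.example"],
    "node-d": ["news.example", "cdn.example", "mail.example"],
    "node-e": ["mail.example", "cdn.example"],
}
IOC_HOSTS = {"c2.bad.example"}  # assumed indicator-of-compromise list


def associated_traffic(executable, executables, logs, min_share=1.0, max_outside=0.0):
    """Return (group, hosts): hosts common inside the group and rare outside it."""
    group = {n for n, exes in executables.items() if executable in exes}
    others = set(logs) - group
    # No group, or no baseline nodes to compare against: nothing can be attributed.
    if not group or not others:
        return group, set()
    inside = Counter(h for n in group for h in set(logs.get(n, [])))
    outside = Counter(h for n in others for h in set(logs.get(n, [])))
    # "Similar portions": destinations shared by at least min_share of the group.
    similar = {h for h, c in inside.items() if c / len(group) >= min_share}
    # Keep only those that nodes without the executable (almost) never contact.
    assoc = {h for h in similar if outside[h] / len(others) <= max_outside}
    return group, assoc


def analyze(executable, executables=EXECUTABLES, logs=PROXY_LOGS, iocs=IOC_HOSTS):
    """Return an alert dict if the executable's traffic matches an IoC, else None."""
    group, assoc = associated_traffic(executable, executables, logs)
    hits = assoc & iocs
    if not hits:
        return None
    return {"executable": executable, "nodes": sorted(group), "indicators": sorted(hits)}


if __name__ == "__main__":
    for exe in ("updater.exe", "browser.exe", "mail.exe"):
        print(exe, "->", analyze(exe))
```

Note that `browser.exe` is hosted on two of the nodes that contact the IoC host, yet it is not flagged: the host is not common to every browser node and also appears on a node outside that group, so the comparison attributes it to `updater.exe` only.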
