-
公开(公告)号:US20160255110A1
公开(公告)日:2016-09-01
申请号:US15057164
申请日:2016-03-01
Applicant: Verint Systems, Ltd.
Inventor: Yuval Altman , Assaf Yosef Keren , Ido Krupkin
CPC classification number: H04L63/1425 , G06N99/005 , H04L63/1441 , H04L63/145
Abstract: Malware detection techniques that detect malware by identifying the C&C communication between the malware and the remote host, and distinguish between communication transactions that carry C&C communication and transactions of innocent traffic. The system distinguishes between malware transactions and innocent transactions using malware identification models, which it adapts using machine learning algorithms. However, the number and variety of malicious transactions that can be obtained from the protected network are often too limited for effectively training the machine learning algorithms. Therefore, the system obtains additional malicious transactions from another computer network that is known to be relatively rich in malicious activity. The system is thus able to adapt the malware identification models based on a large number of positive examples—The malicious transactions obtained from both the protected network and the infected network. As a result, the malware identification models are adapted with high speed and accuracy.
Abstract translation: 通过识别恶意软件和远程主机之间的C&C通信来检测恶意软件的恶意软件检测技术,并区分进行C&C通信的通信事务和无害流量的交易。 该系统使用恶意软件识别模型区分恶意软件事务和无害事务,它使用机器学习算法进行调整。 然而,可以从受保护的网络获得的恶意交易的数量和种类往往太有限,以有效地训练机器学习算法。 因此,系统从已知相对较丰富的恶意活动的另一计算机网络获得额外的恶意事务。 因此,该系统能够基于大量正面示例来适应恶意软件识别模型 - 从受保护网络和受感染网络获得的恶意交易。 因此,恶意软件识别模型以高速度和准确度进行了调整。
-
公开(公告)号:US11316878B2
公开(公告)日:2022-04-26
申请号:US16057143
申请日:2018-08-07
Applicant: Verint Systems Ltd.
Inventor: Yuval Altman , Assaf Yosef Kere , Ido Krupkin , Pinhas Rozenblum
Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.
-
公开(公告)号:US09923913B2
公开(公告)日:2018-03-20
申请号:US15057164
申请日:2016-03-01
Applicant: Verint Systems, Ltd.
Inventor: Yuval Altman , Assaf Yosef Keren , Ido Krupkin
CPC classification number: H04L63/1425 , G06N99/005 , H04L63/1441 , H04L63/145
Abstract: Malware detection techniques that detect malware by identifying the C&C communication between the malware and the remote host, and distinguish between communication transactions that carry C&C communication and transactions of innocent traffic. The system distinguishes between malware transactions and innocent transactions using malware identification models, which it adapts using machine learning algorithms. However, the number and variety of malicious transactions that can be obtained from the protected network are often too limited for effectively training the machine learning algorithms. Therefore, the system obtains additional malicious transactions from another computer network that is known to be relatively rich in malicious activity. The system is thus able to adapt the malware identification models based on a large number of positive examples—The malicious transactions obtained from both the protected network and the infected network. As a result, the malware identification models are adapted with high speed and accuracy.
-
公开(公告)号:US20180278636A1
公开(公告)日:2018-09-27
申请号:US15924859
申请日:2018-03-19
Applicant: Verint Systems, Ltd.
Inventor: Yuval Altman , Assaf Yosef Keren , Ido Krupkin
CPC classification number: H04L63/1425 , G06N20/00 , H04L63/1441 , H04L63/145
Abstract: Malware detection techniques that detect malware by identifying the C&C communication between the malware and the remote host, and distinguish between communication transactions that carry C&C communication and transactions of innocent traffic. The system distinguishes between malware transactions and innocent transactions using malware identification models, which it adapts using machine learning algorithms. However, the number and variety of malicious transactions that can be obtained from the protected network are often too limited for effectively training the machine learning algorithms. Therefore, the system obtains additional malicious transactions from another computer network that is known to be relatively rich in malicious activity. The system is thus able to adapt the malware identification models based on a large number of positive examples—The malicious transactions obtained from both the protected network and the infected network. As a result, the malware identification models are adapted with high speed and accuracy.
-
公开(公告)号:US20130347114A1
公开(公告)日:2013-12-26
申请号:US13874339
申请日:2013-04-30
Applicant: Verint Systems Ltd.
Inventor: Yuval Altman , Assaf Yosef Kere , Ido Krupkin , Pinhas Rozenblum
IPC: G06F21/56
CPC classification number: G06F21/56 , G06F21/52 , G06F21/566 , H04L63/1425
Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.
Abstract translation: 用于恶意软件检测技术的系统和方法,通过识别恶意软件和远程主机之间的C&C通信来检测恶意软件。 特别地,所公开的技术区分携带C&C通信和无辜流量的请求 - 响应交易的请求 - 响应事务。 可以分析单独的请求 - 响应事务,而不是整个流程,以及在事务中检查的细粒度特征。 因此,这些方法和系统在区分恶意软件C&C通信和无害流量(即,以高检测概率和少量虚假警报)检测恶意软件方面是非常有效的。
-
Patent Agency Ranking
公开(公告)号:US11038907B2
公开(公告)日:2021-06-15
申请号:US15924859
申请日:2018-03-19
Applicant: Verint Systems, Ltd.
Inventor: Yuval Altman , Assaf Yosef Keren , Ido Krupkin
Abstract: Malware detection techniques that detect malware by identifying the C&C communication between the malware and the remote host, and distinguish between communication transactions that carry C&C communication and transactions of innocent traffic. The system distinguishes between malware transactions and innocent transactions using malware identification models, which it adapts using machine learning algorithms. However, the number and variety of malicious transactions that can be obtained from the protected network are often too limited for effectively training the machine learning algorithms. Therefore, the system obtains additional malicious transactions from another computer network that is known to be relatively rich in malicious activity. The system is thus able to adapt the malware identification models based on a large number of positive examples—The malicious transactions obtained from both the protected network and the infected network. As a result, the malware identification models are adapted with high speed and accuracy.
-
公开(公告)号:US20140359761A1
公开(公告)日:2014-12-04
申请号:US14295758
申请日:2014-06-04
Applicant: Verint Systems, Ltd.
Inventor: Yuval Altman , Assaf Yosef Keren , Ido Krupkin
IPC: H04L29/06
CPC classification number: H04L63/1425 , G06N99/005 , H04L63/1441 , H04L63/145
Abstract: Malware detection techniques that detect malware by identifying the C&C communication between the malware and the remote host, and distinguish between communication transactions that carry C&C communication and transactions of innocent traffic. The system distinguishes between malware transactions and innocent transactions using malware identification models, which it adapts using machine learning algorithms. However, the number and variety of malicious transactions that can be obtained from the protected network are often too limited for effectively training the machine learning algorithms. Therefore, the system obtains additional malicious transactions from another computer network that is known to be relatively rich in malicious activity. The system is thus able to adapt the malware identification models based on a large number of positive examples—The malicious transactions obtained from both the protected network and the infected network. As a result, the malware identification models are adapted with high speed and accuracy.
Abstract translation: 通过识别恶意软件和远程主机之间的C&C通信来检测恶意软件的恶意软件检测技术,并区分进行C&C通信的通信事务和无害流量的交易。 该系统使用恶意软件识别模型区分恶意软件事务和无害事务,它使用机器学习算法进行调整。 然而,可以从受保护的网络获得的恶意交易的数量和种类往往太有限,以有效地训练机器学习算法。 因此,系统从已知相对较丰富的恶意活动的另一计算机网络获得额外的恶意事务。 因此,该系统能够基于大量正面示例来适应恶意软件识别模型 - 从受保护网络和受感染网络获得的恶意交易。 因此,恶意软件识别模型以高速度和准确度进行了调整。
-
公开(公告)号:US20190034631A1
公开(公告)日:2019-01-31
申请号:US16057143
申请日:2018-08-07
Applicant: Verint Systems Ltd.
Inventor: Yuval Altman , Assaf Yosef Kere , Ido Krupkin , Pinhas Rozenblum
Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.
-
公开(公告)号:US10061922B2
公开(公告)日:2018-08-28
申请号:US13874339
申请日:2013-04-30
Applicant: Verint Systems Ltd.
Inventor: Yuval Altman , Assaf Yosef Kere , Ido Krupkin , Pinhas Rozenblum
CPC classification number: G06F21/56 , G06F21/52 , G06F21/566 , H04L63/1425
Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.
-
公开(公告)号:US09306971B2
公开(公告)日:2016-04-05
申请号:US14295758
申请日:2014-06-04
Applicant: Verint Systems, Ltd.
Inventor: Yuval Altman , Assaf Yosef Keren , Ido Krupkin
IPC: H04L29/06
CPC classification number: H04L63/1425 , G06N99/005 , H04L63/1441 , H04L63/145
Abstract: Malware detection techniques that detect malware by identifying the C&C communication between the malware and the remote host, and distinguish between communication transactions that carry C&C communication and transactions of innocent traffic. The system distinguishes between malware transactions and innocent transactions using malware identification models, which it adapts using machine learning algorithms. However, the number and variety of malicious transactions that can be obtained from the protected network are often too limited for effectively training the machine learning algorithms. Therefore, the system obtains additional malicious transactions from another computer network that is known to be relatively rich in malicious activity. The system is thus able to adapt the malware identification models based on a large number of positive examples—The malicious transactions obtained from both the protected network and the infected network. As a result, the malware identification models are adapted with high speed and accuracy.
Abstract translation: 通过识别恶意软件和远程主机之间的C&C通信来检测恶意软件的恶意软件检测技术,并区分进行C&C通信的通信事务和无害流量的交易。 该系统使用恶意软件识别模型区分恶意软件事务和无害事务,它使用机器学习算法进行调整。 然而,可以从受保护的网络获得的恶意交易的数量和种类往往太有限,以有效地训练机器学习算法。 因此,系统从已知相对较丰富的恶意活动的另一计算机网络获得额外的恶意事务。 因此,该系统能够基于大量正面示例来适应恶意软件识别模型 - 从受保护网络和受感染网络获得的恶意交易。 因此,恶意软件识别模型以高速度和准确度进行了调整。
-
-
-
-
-
-
-
-
-
Search Results
10
records
(took 0.016 seconds)
