Identification of malware sites using unknown URL sites and newly registered DNS addresses
    Granted invention patent
    Identification of malware sites using unknown URL sites and newly registered DNS addresses (legal status: in force)

    Publication (announcement) number: US08966625B1

    Publication (announcement) date: 2015-02-24

    Application number: US13115014

    Filing date: 2011-05-24

    IPC classification: G06F11/00

    Abstract: In some embodiments, identification of malware sites using unknown URL sites and newly registered DNS addresses includes performing a heuristic analysis for information associated with a network site; and assigning a score based on the heuristic analysis, in which the score indicates whether the network site is potentially malicious. In some embodiments, the system includes a security appliance that is in communication with the Internet. In some embodiments, the network site is associated with a network domain and/or a network uniform resource locator (URL). In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining if a network site has recently been registered. In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining if a network site is associated with recently changed DNS information. In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining geographical information as well as an IP network location associated with the network site.
