GRAPH CLUSTERING
    1.
    Invention patent application
    GRAPH CLUSTERING (status: in force)

    Publication (announcement) number: US20110234594A1

    Publication (announcement) date: 2011-09-29

    Application number: US12748014

    Filing date: 2010-03-26

    IPC classification: G06T11/20

    Abstract: Various embodiments provide techniques for graph clustering. In one or more embodiments, a participation graph is obtained that represents relationships between entities. An auxiliary graph is constructed based on the participation graph. The auxiliary graph may be constructed such that the auxiliary graph is less dense than the participation graph and is therefore computationally less complex to analyze. Clusters in the auxiliary graph are determined by solving an objective function defined for the auxiliary graph. Clusters determined for the auxiliary graph may then be utilized to ascertain clusters in the participation graph that solve a related objective function defined for the participation graph.


    Bottom-up analysis of network sites
    2.
    Granted invention patent
    Bottom-up analysis of network sites (status: in force)

    Publication (announcement) number: US08161130B2

    Publication (announcement) date: 2012-04-17

    Application number: US12421644

    Filing date: 2009-04-10

    IPC classification: G06F15/16

    Abstract: An approach for identifying suspect network sites in a network environment entails using one or more malware analysis modules to identify distribution sites that host malicious content and/or benign content. The approach then uses a linking analysis module to identify landing sites that are linked to the distribution sites. These linked sites are identified as suspect sites for further analysis. This analysis can be characterized as “bottom up” because it is initiated by the detection of potentially problematic distribution sites. The approach can also perform linking analysis to identify a suspect network site based on a number of alternating paths between that network site and a set of distribution sites that are known to host malicious content. The approach can also train a classifier module to predict whether an unknown landing site is a malicious landing site or a benign landing site.


    BOTTOM-UP ANALYSIS OF NETWORK SITES
    3.
    Invention patent application
    BOTTOM-UP ANALYSIS OF NETWORK SITES (status: in force)

    Publication (announcement) number: US20100262693A1

    Publication (announcement) date: 2010-10-14

    Application number: US12421644

    Filing date: 2009-04-10

    IPC classification: G06F15/173

    Abstract: An approach for identifying suspect network sites in a network environment entails using one or more malware analysis modules to identify distribution sites that host malicious content and/or benign content. The approach then uses a linking analysis module to identify landing sites that are linked to the distribution sites. These linked sites are identified as suspect sites for further analysis. This analysis can be characterized as “bottom up” because it is initiated by the detection of potentially problematic distribution sites. The approach can also perform linking analysis to identify a suspect network site based on a number of alternating paths between that network site and a set of distribution sites that are known to host malicious content. The approach can also train a classifier module to predict whether an unknown landing site is a malicious landing site or a benign landing site.
