GATEWAY APPARATUS, DETECTING METOD THEREOF OF MALICIOUS DOMAIN AND HACKED HOST, AND NON-TRANSITORY COMPUTER READABLE MEDIUM
A gateway apparatus, a detecting method of malicious domain and hacked host thereof, and a non-transitory computer readable medium are provided. The detecting method includes the following steps: capturing network traffics, and parsing traces and channels from the network traffics. Each channel is r...
Saved in:
Main Authors | , , , , |
---|---|
Format | Patent |
Language | Chinese English |
Published |
21.01.2019
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | A gateway apparatus, a detecting method of malicious domain and hacked host thereof, and a non-transitory computer readable medium are provided. The detecting method includes the following steps: capturing network traffics, and parsing traces and channels from the network traffics. Each channel is related to a link between a domain and an Internet Protocol (IP) address, and each trace is related to an http request requested from the IP address for asking the domain. Then, a trace-channel behavior graph is established. The malicious degree model is trained based on the trace-channel behavior graph and threat intelligence. Accordingly, a malicious degree of an unknown channel can be determined, thereby providing a detecting method with high precision. |
---|---|
Bibliography: | Application Number: TW20176124398 |