GATEWAY APPARATUS, DETECTING METOD THEREOF OF MALICIOUS DOMAIN AND HACKED HOST, AND NON-TRANSITORY COMPUTER READABLE MEDIUM

A gateway apparatus, a detecting method of malicious domain and hacked host thereof, and a non-transitory computer readable medium are provided. The detecting method includes the following steps: capturing network traffics, and parsing traces and channels from the network traffics. Each channel is r...

Full description

Saved in:
Bibliographic Details
Main Authors CHEN, CHIENIH, SUN, JIA-HAO, CHOU, KUO-SEN, JENG, TZUNG-HAN, CHANG, KUANG-HUNG
Format Patent
LanguageChinese
English
Published 21.01.2019
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:A gateway apparatus, a detecting method of malicious domain and hacked host thereof, and a non-transitory computer readable medium are provided. The detecting method includes the following steps: capturing network traffics, and parsing traces and channels from the network traffics. Each channel is related to a link between a domain and an Internet Protocol (IP) address, and each trace is related to an http request requested from the IP address for asking the domain. Then, a trace-channel behavior graph is established. The malicious degree model is trained based on the trace-channel behavior graph and threat intelligence. Accordingly, a malicious degree of an unknown channel can be determined, thereby providing a detecting method with high precision.
Bibliography:Application Number: TW20176124398