Endpoint traffic profiling for early detection of malware spread
Main Authors | , , , |
---|---|
Format | Patent |
Language | English |
Published | 15.11.2016 |
Summary: | According to one exemplary embodiment, a method for detecting malware in a network stream to at least one host computer is provided. The method may include initializing a browser profile corresponding with a first website having a first website source and a first plurality of content features. The method may include recording the first plurality of content features and a trusted source based on the first website source. The method may include scanning the network stream for a second content feature within a second plurality of content features associated with a second website. The method may include determining if the second content feature matches a first content feature. The method may include determining if the second plurality of content features is consistent with the first plurality of content features. The method may include determining if a second website source matches the trusted source. The method may include generating an alert. |
---|---|
Bibliography: | Application Number: US201514729691 |