Method and system for network-based detecting of malware from behavioral clustering


Ontology type: sgo:Patent     


Patent Info

DATE

2018-04-17T00:00

AUTHORS

Roberto PERDISCI, Wenke Lee, Gunter Ollmann

ABSTRACT

A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain Hypertext Transfer Protocol (HTTP) traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.

Related SciGraph Publications

  • 1996-08. Bagging predictors in MACHINE LEARNING
  • 2005-05. Logistic Model Trees in MACHINE LEARNING

JSON-LD is the canonical representation for SciGraph data.


    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/2746", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "name": "Roberto PERDISCI", 
            "type": "Person"
          }, 
          {
            "name": "Wenke Lee", 
            "type": "Person"
          }, 
          {
            "name": "Gunter Ollmann", 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "https://doi.org/10.1016/0167-4048(90)90072-2", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1001658589"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1016/0167-4048(90)90072-2", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1001658589"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/bf00058655", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1002929950", 
              "https://doi.org/10.1007/bf00058655"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/bf00058655", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1002929950", 
              "https://doi.org/10.1007/bf00058655"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s10994-005-0466-3", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1005110454", 
              "https://doi.org/10.1007/s10994-005-0466-3"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s10994-005-0466-3", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1005110454", 
              "https://doi.org/10.1007/s10994-005-0466-3"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1016/s0031-3203(02)00169-3", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1014676096"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1016/s0031-3203(02)00169-3", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1014676096"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/1610252.1610269", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1020840102"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.3233/jcs-2002-101-204", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1023300023"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/2089125.2089126", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1029161840"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/1242489.1242499", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1032733331"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/357830.357849", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1038596767"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1016/s0304-3975(97)00240-5", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1047421142"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.3233/jcs-2002-101-205", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1049135134"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1093/comjnl/41.7.444", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1059479190"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/32.372146", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1061153929"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/msecp.2003.1219079", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1061421828"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/msecp.2003.1219079", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1061421828"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/msp.2006.161", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1061422560"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/msp.2007.45", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1061422882"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/tdsc.2004.21", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1061585056"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1109/tnet.2002.803905", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1061714320"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1504/ijsn.2007.012824", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1067492170"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2018-04-17T00:00", 
        "description": "A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain Hypertext Transfer Protocol. HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.",
        "id": "sg:patent.US-9948671-B2",
        "keywords": [
          "method",
          "malware",
          "computerized system",
          "computer environment",
          "Time",
          "transfer",
          "Cluster Analysis",
          "cluster",
          "behavioral information",
          "extracting",
          "processor",
          "signature",
          "infection"
        ],
        "name": "Method and system for network-based detecting of malware from behavioral clustering",
        "sameAs": [
          "https://app.dimensions.ai/details/patent/US-9948671-B2"
        ],
        "sdDataset": "patents",
        "sdDatePublished": "2019-04-18T10:22",
        "sdLicense": "https://scigraph.springernature.com/explorer/license/",
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project",
          "type": "Organization"
        },
        "sdSource": "s3://com-uberresearch-data-patents-target-20190320-rc/data/sn-export/402f166718b70575fb5d4ffe01f064d1/0000100128-0000352499/json_export_01728.jsonl",
        "type": "Patent"
      }
    ]
     


    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/patent.US-9948671-B2'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/patent.US-9948671-B2'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/patent.US-9948671-B2'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/patent.US-9948671-B2'


     

    This table displays all metadata directly associated to this object as RDF triples.

    100 TRIPLES      14 PREDICATES      45 URIs      21 LITERALS      2 BLANK NODES

    Subject Predicate Object
    1 sg:patent.US-9948671-B2 schema:about anzsrc-for:2746
    2 schema:author N210151f34017413cb0816e70e0267b3a
    3 schema:citation sg:pub.10.1007/bf00058655
    4 sg:pub.10.1007/s10994-005-0466-3
    5 https://doi.org/10.1016/0167-4048(90)90072-2
    6 https://doi.org/10.1016/s0031-3203(02)00169-3
    7 https://doi.org/10.1016/s0304-3975(97)00240-5
    8 https://doi.org/10.1093/comjnl/41.7.444
    9 https://doi.org/10.1109/32.372146
    10 https://doi.org/10.1109/msecp.2003.1219079
    11 https://doi.org/10.1109/msp.2006.161
    12 https://doi.org/10.1109/msp.2007.45
    13 https://doi.org/10.1109/tdsc.2004.21
    14 https://doi.org/10.1109/tnet.2002.803905
    15 https://doi.org/10.1145/1242489.1242499
    16 https://doi.org/10.1145/1610252.1610269
    17 https://doi.org/10.1145/2089125.2089126
    18 https://doi.org/10.1145/357830.357849
    19 https://doi.org/10.1504/ijsn.2007.012824
    20 https://doi.org/10.3233/jcs-2002-101-204
    21 https://doi.org/10.3233/jcs-2002-101-205
    22 schema:datePublished 2018-04-17T00:00
    23 schema:description <p id="p-0001" num="0000">A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain Hypertext Transfer Protocol. HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.</p>
    24 schema:keywords Cluster Analysis
    25 Time
    26 behavioral information
    27 cluster
    28 computer environment
    29 computerized system
    30 extracting
    31 infection
    32 malware
    33 method
    34 processor
    35 signature
    36 transfer
    37 schema:name Method and system for network-based detecting of malware from behavioral clustering
    38 schema:sameAs https://app.dimensions.ai/details/patent/US-9948671-B2
    39 schema:sdDatePublished 2019-04-18T10:22
    40 schema:sdLicense https://scigraph.springernature.com/explorer/license/
    41 schema:sdPublisher Nc530b7c4447747e7a93a4dca1e3d6fc1
    42 sgo:license sg:explorer/license/
    43 sgo:sdDataset patents
    44 rdf:type sgo:Patent
    45 N210151f34017413cb0816e70e0267b3a rdf:first N5799c33b5dcf40188f26bef5ca4b6bc0
    46 rdf:rest Ne0e330069f774d4290a9f61b2481bd3e
    47 N2be27b7e9e1a4094924a67d28b219374 schema:name Wenke Lee
    48 rdf:type schema:Person
    49 N5799c33b5dcf40188f26bef5ca4b6bc0 schema:name Roberto PERDISCI
    50 rdf:type schema:Person
    51 Nc530b7c4447747e7a93a4dca1e3d6fc1 schema:name Springer Nature - SN SciGraph project
    52 rdf:type schema:Organization
    53 Nd2861ed1034743d98ad73021634f3cd3 schema:name Gunter Ollmann
    54 rdf:type schema:Person
    55 Nd813bf3ffcc2498fb5311b7ebf65c96f rdf:first Nd2861ed1034743d98ad73021634f3cd3
    56 rdf:rest rdf:nil
    57 Ne0e330069f774d4290a9f61b2481bd3e rdf:first N2be27b7e9e1a4094924a67d28b219374
    58 rdf:rest Nd813bf3ffcc2498fb5311b7ebf65c96f
    59 anzsrc-for:2746 schema:inDefinedTermSet anzsrc-for:
    60 rdf:type schema:DefinedTerm
    61 sg:pub.10.1007/bf00058655 schema:sameAs https://app.dimensions.ai/details/publication/pub.1002929950
    62 https://doi.org/10.1007/bf00058655
    63 rdf:type schema:CreativeWork
    64 sg:pub.10.1007/s10994-005-0466-3 schema:sameAs https://app.dimensions.ai/details/publication/pub.1005110454
    65 https://doi.org/10.1007/s10994-005-0466-3
    66 rdf:type schema:CreativeWork
    67 https://doi.org/10.1016/0167-4048(90)90072-2 schema:sameAs https://app.dimensions.ai/details/publication/pub.1001658589
    68 rdf:type schema:CreativeWork
    69 https://doi.org/10.1016/s0031-3203(02)00169-3 schema:sameAs https://app.dimensions.ai/details/publication/pub.1014676096
    70 rdf:type schema:CreativeWork
    71 https://doi.org/10.1016/s0304-3975(97)00240-5 schema:sameAs https://app.dimensions.ai/details/publication/pub.1047421142
    72 rdf:type schema:CreativeWork
    73 https://doi.org/10.1093/comjnl/41.7.444 schema:sameAs https://app.dimensions.ai/details/publication/pub.1059479190
    74 rdf:type schema:CreativeWork
    75 https://doi.org/10.1109/32.372146 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061153929
    76 rdf:type schema:CreativeWork
    77 https://doi.org/10.1109/msecp.2003.1219079 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061421828
    78 rdf:type schema:CreativeWork
    79 https://doi.org/10.1109/msp.2006.161 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061422560
    80 rdf:type schema:CreativeWork
    81 https://doi.org/10.1109/msp.2007.45 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061422882
    82 rdf:type schema:CreativeWork
    83 https://doi.org/10.1109/tdsc.2004.21 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061585056
    84 rdf:type schema:CreativeWork
    85 https://doi.org/10.1109/tnet.2002.803905 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061714320
    86 rdf:type schema:CreativeWork
    87 https://doi.org/10.1145/1242489.1242499 schema:sameAs https://app.dimensions.ai/details/publication/pub.1032733331
    88 rdf:type schema:CreativeWork
    89 https://doi.org/10.1145/1610252.1610269 schema:sameAs https://app.dimensions.ai/details/publication/pub.1020840102
    90 rdf:type schema:CreativeWork
    91 https://doi.org/10.1145/2089125.2089126 schema:sameAs https://app.dimensions.ai/details/publication/pub.1029161840
    92 rdf:type schema:CreativeWork
    93 https://doi.org/10.1145/357830.357849 schema:sameAs https://app.dimensions.ai/details/publication/pub.1038596767
    94 rdf:type schema:CreativeWork
    95 https://doi.org/10.1504/ijsn.2007.012824 schema:sameAs https://app.dimensions.ai/details/publication/pub.1067492170
    96 rdf:type schema:CreativeWork
    97 https://doi.org/10.3233/jcs-2002-101-204 schema:sameAs https://app.dimensions.ai/details/publication/pub.1023300023
    98 rdf:type schema:CreativeWork
    99 https://doi.org/10.3233/jcs-2002-101-205 schema:sameAs https://app.dimensions.ai/details/publication/pub.1049135134
    100 rdf:type schema:CreativeWork
     



