Detection of malicious web activity in enterprise computer networks

Detection of malicious web activity in enterprise computer networks

A processing device in one embodiment comprises a processor coupled to a memory and is configured to obtain internal log data of a computer network of an enterprise, to extract values of a plurality of designated internal features from the log data, to obtain additional data from one or more externa...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Li Zhou, Bowers Kevin D, Oprea Alina M, Norris Robin
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A processing device in one embodiment comprises a processor coupled to a memory and is configured to obtain internal log data of a computer network of an enterprise, to extract values of a plurality of designated internal features from the log data, to obtain additional data from one or more external data sources, and to extract values of a plurality of designated external features from the additional data. The extracted values are applied to a regression model based on the internal and external features to generate malicious activity risk scores for respective ones of a plurality of domains, illustratively external domains having fully-qualified domain names (FQDNs). A subset of the domains are identified based on their respective malicious activity risk scores, and one or more proactive security measures are taken against the identified subset of domains. The processing device may be implemented in the computer network or an associated network security system.