The present invention, in some embodiments thereof, relates to systems and methods for malicious connection detection and, more specifically, but not exclusively, to systems and methods for detection of malicious code that utilizes network connections for malicious activity and/or communication.
Certain types of malicious code attack computers and use the host computer to connect to other servers through a network connection. In one example, the network connection is initiated by the malicious code itself, for example, to send stolen data to a remote server. In another example, the malware injects code into a legitimate application, and the injected code then initiates a connection to a remote server to send stolen data.
One example of a type of malicious attack is an advanced targeted attack (ATA), which is a sophisticated attack in which an unauthorized party gains access to a network and stays undetected for a long period of time. The intention of most ATAs is to steal data rather than cause damage to the network. ATAs target organizations in sectors with high-value information, such as credit card processors, government agencies, and the financial services industry.
Some anti-ATA solutions are based on detection of the attack or detection of the infiltrated malicious code. In another example, other tools are designed to detect abnormal or malicious activity in action.