This specification relates to malware attack detection.
Malicious software, or malware, is capable of infecting enterprise devices and establishing connections to external hosts that are under the control of adversarial entities. These external hosts are sometimes referred to as command and control centers. Command and control centers are capable of instructing malware-infected computers to perform various activities, including disrupting network activity, sending information stored on the infected computers to third parties without user knowledge, and observing user interactions with the infected computers. In some cases, the location of command and control center computers can be difficult to identify. Additionally, identifying ongoing malware attacks is often difficult.