Method and system for detecting bot network

A botnet and zombie-computer detection technology, applied in transmission systems, digital transmission systems, data exchange networks, etc. It addresses the problem that effective results are difficult to achieve, and provides a good overall defense effect.

Inactive Publication Date: 2009-04-08
RUN TECH CO LTD BEIJING

AI Technical Summary

Problems solved by technology

In this case, it is difficult to achieve

Examples

Embodiment Construction

[0048] 1. Deployment location:

[0049] Deploy this device at the inter-provincial outlet of the Internet: bypass (tap) the data flowing into and out of the provincial outlet, and feed the bypassed data to the device.

[0050] 2. Data processing process:

[0051] (1) The bypassed data flows into the "network data analysis module", which analyzes the data according to the TCP/IP network protocol framework, extracts the IRC protocol data from the network traffic, and passes it to the "botnet data identification module". Other data is discarded without processing.

[0052] (2) The "botnet data identification module" loads the feature codes from the botnet communication data feature database and compares them with the IRC protocol data parsed by the "network data analysis module", in order to find the botnet data packets. The found botnet data packets, as well as the parsed source IP and destination IP, source port number and destination port number,...

Abstract

The invention discloses a method and a system for detecting a bot network, which belong to the field of computer security. The method comprises the following steps: first, extracting IRC protocol data from network data packets; then, matching the protocol data against the feature codes in a data feature bank to obtain the bot network data packets; dividing the bot network data packets and linking the packets that come from the same bot network; finally, determining the control server, the bot computers and the bot network control computer of the same bot network from the divided packets, thereby describing the topology of the bot network. The system comprises a network data analysis module, a bot network data identification module and a bot network data deep dig module. Compared with the prior art, the invention can analyze and defend against the bot network as a whole, and has the advantages of better defense effect, wider defense range, higher efficiency and better traceability.
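The pipeline described in the embodiment and the abstract (IRC extraction, feature-code matching, linking packets of the same bot network, role assignment), as an added Python example that is not part of the patent. The feature codes, the sample capture, the tuple layout and the direction heuristic (an unprefixed IRC message travels client to server, a prefixed one was relayed by the server) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed feature codes; the patent's feature database is not on the page.
FEATURE_CODES = [re.compile(rb"^[.!](login|scan|update)\b", re.I)]
# Optional ":prefix", a command word or 3-digit numeric, then parameters.
IRC_LINE = re.compile(rb"^(?::(\S+) )?([A-Za-z]+|\d{3})(?: (.*))?$")
IRC_COMMANDS = {b"PRIVMSG", b"NOTICE", b"TOPIC", b"JOIN", b"NICK", b"USER", b"PING", b"PONG"}

def parse_irc(payload):
    """Stage 1: return (prefix, command, params) for IRC data, else None."""
    m = IRC_LINE.match(payload.rstrip(b"\r\n"))
    if not m or (m.group(2).upper() not in IRC_COMMANDS and not m.group(2).isdigit()):
        return None
    return m.group(1), m.group(2).upper(), m.group(3) or b""

def match_feature(command, params):
    """Stage 2: compare the message text with the feature codes."""
    if command not in (b"PRIVMSG", b"TOPIC") or b" :" not in params:
        return None
    target, text = params.split(b" :", 1)
    return target if any(f.search(text) for f in FEATURE_CODES) else None

def describe_topology(packets):
    """Stage 3: link matched packets per (server, port, channel), assign roles."""
    nets = defaultdict(lambda: {"controllers": set(), "bots": set()})
    for src, sport, dst, dport, payload in packets:
        parsed = parse_irc(payload)
        if parsed is None:
            continue  # non-IRC data is discarded without processing
        prefix, command, params = parsed
        channel = match_feature(command, params)
        if channel is None:
            continue  # IRC, but no feature code matched
        if prefix is None:   # assumption: unprefixed = client to server
            nets[(dst, dport, channel.decode())]["controllers"].add(src)
        else:                # assumption: prefixed = relayed by the server
            nets[(src, sport, channel.decode())]["bots"].add(dst)
    return dict(nets)

# Constructed sample capture: (src_ip, src_port, dst_ip, dst_port, payload).
SAMPLE = [
    ("198.51.100.7", 40112, "203.0.113.5", 6667, b"PRIVMSG #cmd :.scan start\r\n"),
    ("203.0.113.5", 6667, "192.0.2.10", 51522, b":op!u@h PRIVMSG #cmd :.scan start\r\n"),
    ("203.0.113.5", 6667, "192.0.2.11", 49230, b":op!u@h PRIVMSG #cmd :.scan start\r\n"),
    ("192.0.2.20", 50000, "203.0.113.9", 80, b"GET / HTTP/1.1\r\n"),
    ("192.0.2.30", 50001, "203.0.113.5", 6667, b"PRIVMSG #chat :hello all\r\n"),
]
```

Calling `describe_topology(SAMPLE)` yields one bot network keyed by control server, port and channel; the HTTP request is dropped in stage 1 and the ordinary chat line in stage 2.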

Description

Technical field:

[0001] The technology belongs to the field of computer security, specifically a method and system for detecting and finding botnets on the Internet.

Background technique:

[0002] A botnet is formed by using one or more means of propagation to infect a large number of hosts with bot programs (bots), creating a one-to-many controllable network between the controller and the infected hosts.

[0003] There are several keywords in the concept of botnets. "Bot program" is the abbreviation of robot, and refers to the program code that implements the malicious control function; a "zombie computer" is a computer in which a bot has been implanted; the "controller computer" is a computer that remotely controls the zombie computers by sending instructions to the control server, and the control server forwards these instructions to the zombie computers. Most botnets are botnets controlled based on the IRC (Internet Relay Chat) protocol, and botnets controlled t...

Application Information

IPC(8): H04L29/06, H04L12/26, G06F17/30
Inventor 安丙春
Owner RUN TECH CO LTD BEIJING