Method and system for detecting bot network

Botnet and zombie-computer technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., that can solve problems such as the difficulty of achieving effective results, and that achieves a good overall defense effect.
CN101404658A · Inactive · Publication Date: 2009-04-08 · RUN TECH CO LTD BEIJING

Patent Information

Authority / Receiving Office: CN · China
Current Assignee / Owner: RUN TECH CO LTD BEIJING
Publication Date: 2009-04-08
Estimated Expiration: Not applicable · inactive patent


Abstract

The invention discloses a method and system for detecting a bot network, belonging to the field of computer security. The method comprises the following steps: first, extracting IRC protocol data from network data packets; then, matching the protocol data against the feature codes in a data feature bank to obtain the bot network data packets; dividing the bot network data packets and linking those that come from the same bot network; finally, determining the control server, the bot computers and the bot network control computer of the same bot network from the divided bot network data packets, thereby describing the topology of the bot network. The system comprises a network data analysis module, a bot network data identification module and a bot network data deep dig module. Compared with the prior art, the invention can analyze and defend against the bot network as a whole, and has the advantages of better defense effect, wider defense range, higher efficiency and better traceability.
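The four steps of the abstract, as an added Python example that is not code from the patent. The feature codes, the sample traffic, and the role heuristic (the controller is the client whose channel message matches a feature code, the zombies are the other clients that joined the same channel, and a botnet is identified by server, port and channel) are assumptions, since the text shown here does not specify them.

```python
import re
from collections import defaultdict

# Hypothetical feature codes; the patent text shown here lists none.
FEATURE_CODES = [re.compile(p, re.I) for p in
                 (r"^!bot\.(scan|flood|update)\b", r"^!bot\.auth \S+$")]
IRC_LINE = re.compile(r"^(?::(\S+) )?([A-Za-z]+|\d{3})((?: [^: ]\S*)*)(?: :(.*))?$")
IRC_COMMANDS = {"NICK", "USER", "JOIN", "PRIVMSG", "TOPIC", "PING", "PONG", "MODE"}

def parse_irc(payload):
    """Step 1: return (command, params, trailing) for each IRC line in a payload."""
    out = []
    for line in payload.split("\r\n"):
        m = IRC_LINE.match(line)
        if m and m.group(2).upper() in IRC_COMMANDS:
            out.append((m.group(2).upper(), m.group(3).split(), m.group(4) or ""))
    return out

def detect(packets):
    """packets: (client_ip, server_ip, server_port, payload), client-to-server only."""
    members = defaultdict(set)      # (server, port, channel) -> clients that JOINed
    controllers = defaultdict(set)  # same key -> clients whose message hit a feature code
    for client, server, port, payload in packets:
        for cmd, params, text in parse_irc(payload):
            if not params:
                continue
            key = (server, port, params[0].lower())  # step 3: one botnet per channel
            if cmd == "JOIN":
                members[key].add(client)
            elif cmd in ("PRIVMSG", "TOPIC") and any(f.search(text) for f in FEATURE_CODES):
                controllers[key].add(client)         # step 2: feature-code match
    # Step 4: assign roles (assumed heuristic) only for channels that carried a match.
    return {key: {"control_server": key[:2], "controllers": sorted(ctl),
                  "zombies": sorted(members[key] - ctl)}
            for key, ctl in controllers.items()}

SAMPLE = [  # constructed traffic using documentation address ranges
    ("192.0.2.10", "203.0.113.5", 6667, "NICK a1\r\nJOIN #c2\r\n"),
    ("192.0.2.11", "203.0.113.5", 6667, "NICK a2\r\nJOIN #c2\r\n"),
    ("198.51.100.9", "203.0.113.5", 6667, "JOIN #c2\r\nPRIVMSG #c2 :!bot.update now\r\n"),
    ("192.0.2.20", "203.0.113.5", 6667, "JOIN #chat\r\nPRIVMSG #chat :hello all\r\n"),
    ("192.0.2.30", "203.0.113.7", 80, "GET / HTTP/1.1\r\nHost: x\r\n"),
]

if __name__ == "__main__":
    for channel, roles in detect(SAMPLE).items():
        print(channel, roles)
```

The benign `#chat` channel on the same server and the HTTP flow are not reported, because neither carries a feature-code match.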

Description

Technical field:

[0001] The technology belongs to the field of computer security, specifically a method and system for detecting and finding the existence of botnets in the Internet.

Background technique:

[0002] Botnet refers to the use of one or more means of propagation to infect a large number of hosts with bot programs (bots), thereby forming a one-to-many controllable network between the controller and the infected hosts.

[0003] There are several keywords in the concept of botnets. "Bot program" (bot, short for robot) refers to the program code that implements the malicious control function; a "zombie computer" is a computer implanted with a bot; a "controller computer" is a computer that remotely controls the zombie computers by sending instructions to the control server, which forwards these instructions to the zombie computers. Most botnets are controlled based on the IRC (Internet Relay Chat) protocol, and botnets controlled t...
