Method and system for reviewing Botnet

A botnet-tracing technology built from cooperating subsystems, applied in transmission systems, digital transmission systems, data exchange networks, etc. It addresses problems such as the inability to suppress botnets, the inability to find zombie hosts, and the difficulty of locating zombie hosts and botnets, with the effect of ensuring network security.

Active Publication Date: 2010-12-22
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

These technologies can only analyze zombie hosts and botnets in a local area of the network, and it is difficult to locate z...


Embodiment Construction

[0029] The present invention will be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments of the invention are illustrated.

[0030] Figure 1 is a flowchart showing a method for tracing a botnet provided by an embodiment of the present invention.

[0031] As shown in Figure 1, the method 100 for tracing a botnet includes: Step 102, the traffic collection subsystem continuously collects traffic data information on the network, and sends the traffic data information to a traffic information database for storage. For example, the traffic collection subsystem is a system for collecting network traffic information, which can adopt a coarse-grained collection module, a fine-grained collection module, or a structure with two parts: a coarse-grained collection module and a fine-grained collection module. The traffic collection method performed by the coarse-grained module can use the traffic sampling function that comes with the current ...


Abstract

The invention discloses a method and a system for tracing a botnet. In the method, a traffic collection subsystem continuously collects traffic data information on the network and sends it to a traffic information database for storage; a traffic analysis subsystem monitors the network traffic; a DNS correlation analysis subsystem takes the features of the botnet out of a botnet database and searches the DNS access database with those features to determine whether the botnet's access order and an access to the domain name of a control server (C&C Server) exist; if so, the DNS correlation analysis subsystem records each IP address of the C&C Server domain name. By analyzing and verifying DNS access requests and network traffic features, the method and system can find the botnet and the host controlling it, and can take preventive measures against the corresponding server and botnet hosts, such as refusing service or shutting down the server, so as to further ensure the security of the network.
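The DNS correlation and traffic verification steps described in the abstract, sketched as an added example that is not code from the patent. The feature format (C&C domain suffixes per botnet family), the record layouts and all sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed botnet feature database: family -> C&C domain suffixes (assumed format).
BOTNET_FEATURES = {"family-a": ["cc.botnet-a.example"], "family-b": ["ctl.botnet-b.example"]}

# Constructed DNS access records: (timestamp, client IP, queried name, answer IPs).
DNS_LOG = [
    (1000, "10.0.0.5", "www.example.org", ["198.51.100.10"]),
    (1010, "10.0.0.7", "cc.botnet-a.example", ["203.0.113.4"]),
    (1500, "10.0.0.9", "N1.CC.Botnet-A.example.", ["203.0.113.4", "203.0.113.9"]),
    (1600, "10.0.0.5", "notcc.botnet-a.example", ["198.51.100.20"]),  # look-alike, no match
]

# Constructed flow records from the traffic information database: (src IP, dst IP, dst port).
FLOWS = [
    ("10.0.0.7", "203.0.113.4", 6667),
    ("10.0.0.12", "203.0.113.9", 6667),  # host with no DNS lookup on record
    ("10.0.0.5", "198.51.100.10", 443),
]

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def matches(qname, suffix):
    """True if qname equals the suffix or is a subdomain of it (label boundary)."""
    q, s = normalize(qname), normalize(suffix)
    return q == s or q.endswith("." + s)

def correlate_dns(dns_log, features):
    """Search DNS access records for C&C domains; record every resolved IP and querying host."""
    result = defaultdict(lambda: {"cc_ips": set(), "hosts": set()})
    for _ts, client, qname, answers in dns_log:
        for family, suffixes in features.items():
            if any(matches(qname, s) for s in suffixes):
                result[family]["cc_ips"].update(answers)
                result[family]["hosts"].add(client)
    return dict(result)

def verify_with_flows(findings, flows):
    """Add hosts that contact a recorded C&C IP, including ones absent from the DNS log."""
    for info in findings.values():
        info["hosts"] |= {src for src, dst, _port in flows if dst in info["cc_ips"]}
    return findings

def trace(dns_log=DNS_LOG, features=BOTNET_FEATURES, flows=FLOWS):
    """Run DNS correlation, then verify and extend the host list with flow data."""
    return verify_with_flows(correlate_dns(dns_log, features), flows)
```

Recording every address the C&C name resolves to is what lets the flow pass catch 10.0.0.12, which reaches the control server by IP without appearing in the DNS access records.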

Description

Technical field

[0001] The invention relates to the field of communication network security, in particular to a method and system for tracing a botnet.

Background art

[0002] Currently, technologies for discovering botnets mainly include intrusion detection systems (IDS), honeypot technology and traffic analysis. Among them, an IDS monitors the operating status of the network and system according to certain security policies, and discovers various attack attempts, attack behaviors or attack results as far as possible, so as to ensure the confidentiality, integrity and availability of network system resources. IDS is suitable for LAN egress and can only find botnets that have already been discovered. Honeypot technology is similar to an intelligence collection system, which acts as a deliberate target to lure hackers to attack. Once an attacker intrudes, one can learn how the intrusion was carried out and succeeded, so as to keep abreast of the latest attacks and vulnerabilitie...


Application Information

IPC(8): H04L29/06, H04L12/56, H04L29/12
Inventor: 余晓光, 沈军, 金华敏
Owner: CHINA TELECOM CORP LTD