Detection method of bot program

A bot detection technology, applied in fields such as instruments, digital data processing, and platform integrity maintenance, that addresses problems such as the inability to detect variants of known botnets or new botnets, poor adaptability, and poor generality.

Active Publication Date: 2010-12-29
四川通信科研规划设计有限责任公司

AI Technical Summary

Problems solved by technology

This method has the following defects: ① It can only detect botnets based on the IRC protocol, and its versatility is poor; ② It can only detect unencrypted botnets, and it is helple


Embodiment Construction

[0028] All features disclosed in this specification, or steps in all methods or processes disclosed, may be combined in any manner, except for mutually exclusive features and / or steps.

[0029] Any feature disclosed in this specification (including any appended claims, abstract and drawings), unless expressly stated otherwise, may be replaced by alternative features which are equivalent or serve a similar purpose. That is, unless expressly stated otherwise, each feature is one example only of a series of equivalent or similar features.

[0030] The system architecture of the bot detection of the present invention is shown in Figure 1. A detection method of a bot program includes: a step of extracting the antibody genes of the normal program set B to construct the antibody gene sets Agd_l, the antibody gene sets Agd_l of different antibody gene lengths constituting the antibody gene library Agd; using the antibody gene sets Agd_l to carry out feature extractio...


Abstract

The invention discloses a detection method for bot programs and belongs to the technical field of information security. The method comprises the following steps: extracting the antibody genes of a normal program set B, constructing antibody gene sets Agd_l, and forming an antibody gene library Agd from the antibody gene sets Agd_l of different antibody gene lengths; carrying out feature extraction on a normal program set B' using the antibody gene sets Agd_l and constructing a normal program state model; generating detectors from the normal program state sets Cb and forming a detector set from the detectors; detecting bot programs with the detector set; and dynamically evolving the antibody gene library and the detectors. The method can not only identify known bot programs but also discover new bot programs or variants of known bot programs through self-learning and evolution in a computer environment that changes in real time, thus effectively solving the key problem that a computer virus signature library cannot keep pace with polymorphic bot programs.
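The pipeline in the abstract, sketched as an added example that is not the patent's own algorithm: it assumes a gene is a byte substring of length l, a program state is the share of a program's genes found in each Agd_l, and detectors are grid points kept by negative selection against Cb. All function names and sample programs are constructed, and the dynamic evolution step is not shown.

```python
from itertools import product

def genes(data: bytes, l: int) -> set:
    """Assumed 'antibody genes' of one program: its byte substrings of length l."""
    return {data[i:i + l] for i in range(len(data) - l + 1)}

def build_library(normal_b, lengths):
    """Agd: gene length l -> Agd_l, every gene seen in normal program set B."""
    return {l: set().union(*(genes(p, l) for p in normal_b)) for l in lengths}

def state(program: bytes, agd) -> tuple:
    """Assumed program state: per length l, share of the program's genes in Agd_l."""
    out = []
    for l in sorted(agd):
        g = genes(program, l)
        out.append(len(g & agd[l]) / len(g) if g else 0.0)
    return tuple(out)

def dist(a, b):
    """Chebyshev distance between two states."""
    return max(abs(x - y) for x, y in zip(a, b))

def generate_detectors(normal_states, radius, steps=10):
    """Negative selection: keep grid candidates that match no normal state in Cb."""
    axis = [i / steps for i in range(steps + 1)]
    dim = len(normal_states[0])
    return [c for c in product(axis, repeat=dim)
            if all(dist(c, s) > radius for s in normal_states)]

def is_bot(program, agd, detectors, radius):
    """A program is flagged when its state falls within radius of any detector."""
    s = state(program, agd)
    return any(dist(s, d) <= radius for d in detectors)

# Constructed sample data (not from the patent).
B = [b"push mov call ret push mov add ret", b"mov add cmp jne call ret"]
B_PRIME = [b"push mov call ret", b"call ret mov add"]
SUSPECT = b"\x00\x01JOIN#C2\x00PRIVMSG"
VARIANT = B_PRIME[0] + SUSPECT  # normal code with a foreign payload appended

RADIUS = 0.1
AGD = build_library(B, lengths=(2, 3))
CB = [state(p, AGD) for p in B_PRIME]
DETECTORS = generate_detectors(CB, RADIUS)

if __name__ == "__main__":
    for name, prog in [("normal", B_PRIME[1]), ("suspect", SUSPECT), ("variant", VARIANT)]:
        print(name, state(prog, AGD), is_bot(prog, AGD, DETECTORS, RADIUS))
```

Because detectors are selected against the normal states only, the variant is flagged without any signature for its payload: its gene-match share drops far enough from every state in Cb to land inside a detector's radius.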

Description

Technical field

[0001] The invention relates to the field of information system security, in particular to an immunity-based method for detecting bot programs.

Background technique

[0002] Traditional computer virus detection is mainly based on signature technology: a virus can be detected only when its signature has been stored in the signature database in advance; otherwise the virus escapes detection. Bots are a new type of malicious code developed on the basis of traditional computer viruses, Trojan horses, and worms. Bots incorporate various protection mechanisms such as encryption, mutation, and antivirus evasion. Polymorphic technology generates a new sample during each infection, which poses great challenges to traditional computer virus detection technology.

[0003] The Chinese patent application with publication number CN101404658 discloses a method for detecting a botnet, which can analyze and defend the entire botnet as a whole...


Application Information

IPC(8): G06F21/00, G06F21/56
Inventor: 曾金全, 唐伟文
Owner: 四川通信科研规划设计有限责任公司