
Detection system and method of Domain Flux data stream

A data stream and database technology, applied in the field of network security, can solve problems such as large lag and inability to meet real-time requirements, and achieve the effect of real-time detection

Inactive Publication Date: 2012-12-26
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

This method relies heavily on the malicious domain list, which has a large lag and cannot meet real-time requirements.


Embodiment Construction

[0023] A system and method for detecting Domain Flux data streams provided by the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.

[0024] In general, the present invention proposes a method for detecting Domain Flux traffic at the network border. Based on the three characteristics of the Domain Flux technology mentioned in the background section, the method listens to and records all DNS query data streams in the LAN, and for each time window calculates the number of occurrences of the longest common substring and the probability of DNS resolution failure. From these two values it determines whether the data flow in the current window is a Domain Flux data flow. The method can detect the existence of Domain Flux traffic in real time and can determine the source of the data flow, thereby inferring which host in the LAN is infected with the bot program.

[0025] In one embodiment of...


Abstract

The invention provides a system and a method for detecting Domain Flux data streams. The system comprises a monitoring module, a database operation module and a module for calculating the longest common substring of a window. The monitoring module monitors and analyzes the data stream entering and leaving a gateway, obtains DNS (domain name system) query request packets and DNS reply packets, and extracts the source IP (internet protocol) address, the domain name being queried, the time stamp and the A record information corresponding to that domain name. The database operation module records the source IP address, the queried domain name, the time stamp and the corresponding A record information extracted by the monitoring module into a database. The module for calculating the longest common substring of the window calculates the longest common substring of any two requested domain names in the time window, counts the number of occurrences of each longest common substring, and from these determines the longest common substring of the window.
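The window computation described in paragraph [0024] and in the abstract can be sketched as follows. This is an added example, not code from the patent: the record layout, the 60-second window, the minimum substring length and both thresholds are assumptions, since the page does not state the decision rule, and the DNS records are constructed sample data.

```python
from collections import Counter, defaultdict
from itertools import combinations

def longest_common_substring(a, b):
    """Dynamic-programming LCS (contiguous); returns the substring itself."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def window_lcs(names, min_len=5):
    """LCS of every pair of names; returns (most frequent LCS, pair count).
    min_len (assumed) ignores trivially shared pieces such as '.com'."""
    counts = Counter()
    for a, b in combinations(sorted(set(names)), 2):
        s = longest_common_substring(a, b)
        if len(s) >= min_len:
            counts[s] += 1
    return counts.most_common(1)[0] if counts else ("", 0)

def detect(records, window=60, min_pairs=6, min_fail=0.5):
    """records: (timestamp, src_ip, qname, resolved). Thresholds are assumed.
    Flags a (source, window) when many pairs share one LCS and most lookups fail."""
    buckets = defaultdict(list)
    for ts, src, qname, resolved in records:
        buckets[(src, int(ts // window))].append((qname, resolved))
    alerts = []
    for (src, win), rows in sorted(buckets.items()):
        lcs, pairs = window_lcs([q for q, _ in rows])
        fail = sum(1 for _, ok in rows if not ok) / len(rows)
        if pairs >= min_pairs and fail >= min_fail:
            alerts.append((src, win * window, lcs, pairs, round(fail, 2)))
    return alerts

# Constructed sample: 10.0.0.5 walks generated names, 10.0.0.9 browses normally.
SAMPLE = [
    (1200, "10.0.0.5", "qzkxw.c2.example", False),
    (1210, "10.0.0.5", "plmhv.c2.example", False),
    (1220, "10.0.0.5", "tgbny.c2.example", False),
    (1230, "10.0.0.5", "rfdsj.c2.example", True),
    (1240, "10.0.0.5", "uoiae.c2.example", False),
    (1205, "10.0.0.9", "www.example.org", True),
    (1215, "10.0.0.9", "mail.example.org", True),
    (1225, "10.0.0.9", "docs.example.com", True),
]
```

Grouping by source IP before computing the window statistics is what lets an alert point at the infected host rather than at the LAN as a whole.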

Description

Technical field

[0001] The present invention relates to the technical field of network security, more specifically, to a system and method for detecting Domain Flux (domain name flow) data flow.

Background technique

[0002] There are countless security threats to computers, and the botnets that have emerged in recent years are even more harmful. Botnets are attack platforms that are constructed by invading hosts on the network, can be remotely controlled by attackers, and are used to launch subsequent attacks. The components of a botnet include a bot, a command & control channel (Command & Control Channel, C&C) and a controller (botmaster). The controller issues commands to the zombie host through C&C, and the bot program running on the zombie host is responsible for executing the command. It can be seen that botnets are more harmful than traditional malicious codes and attacks.

[0003] Controllability is the essential attribute of a botnet. If the C&C of a botnet can ...


Application Information

Patent Type & Authority Patents(China)
IPC(8): H04L29/06, H04L12/26
Inventor 张治起, 郭莉, 刘潮歌, 廖鹏, 崔翔
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI