Method for detecting P2P botnet structure based on network flow clustering

A network structure and network flow technology, applied in the field of P2P botnet structure detection based on network flow clustering, which addresses the problem that P2P botnets are not easy to detect and discover.

Inactive Publication Date: 2011-04-13
BEIHANG UNIV



Embodiment Construction

[0022] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0023] The method of the present invention for detecting P2P botnet structure based on network flow clustering comprises the following detection steps:

[0024] Step 1: Collect real-time communication data

[0025] First, the real-time communication data acquisition module obtains the IP datagram IPD of the monitored network from the monitored network and extracts the key field KF from the IP datagram IPD;

[0026] The key field KF includes the source IP address SIP, destination IP address DIP, source port number SPT, destination port number DPT, IP header length IHL, IP datagram total length ITL, TCP/UDP header length THL and IP datagram protocol field type PTL; expressed as a set, KF = {SIP, DIP, SPT, DPT, IHL, ITL, THL, PTL}.

[0027] In the present invention, when the PTL is the ...
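The following is an added example, not code from the patent, showing how step 1 can be carried out on raw IPv4 datagrams: it parses the IP header and the TCP or UDP header that follows it and returns the key field KF = {SIP, DIP, SPT, DPT, IHL, ITL, THL, PTL} named above. The `KeyField` class, the builder helpers and the sample datagrams are constructed for the example; for a protocol other than TCP or UDP (the case paragraph [0027] begins to describe) the ports are left empty and THL is 0.

```python
"""Step 1 of the method: extract the key field KF from a raw IPv4 datagram.
Added example; the sample datagrams below are constructed, not captured."""
import struct
from dataclasses import dataclass
from typing import Optional

IPPROTO_TCP = 6
IPPROTO_UDP = 17


@dataclass(frozen=True)
class KeyField:
    sip: str            # SIP  source IP address
    dip: str            # DIP  destination IP address
    spt: Optional[int]  # SPT  source port (None when PTL is not TCP/UDP)
    dpt: Optional[int]  # DPT  destination port
    ihl: int            # IHL  IP header length in bytes
    itl: int            # ITL  IP datagram total length in bytes
    thl: int            # THL  TCP/UDP header length in bytes (0 when not TCP/UDP)
    ptl: int            # PTL  IP protocol field


def _dotted(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)


def extract_key_field(ipd: bytes) -> KeyField:
    """Parse the IPv4 header and, for TCP/UDP, the transport header after it."""
    if len(ipd) < 20:
        raise ValueError("datagram shorter than the minimal IPv4 header")
    ver_ihl, _tos, itl, _ident, _frag, _ttl, ptl, _csum, sip, dip = struct.unpack(
        "!BBHHHBBH4s4s", ipd[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (ver_ihl & 0x0F) * 4          # header length is given in 32-bit words
    if ihl < 20 or len(ipd) < ihl:
        raise ValueError("IP header length field inconsistent with datagram")
    spt = dpt = None
    thl = 0
    transport = ipd[ihl:]
    if ptl == IPPROTO_TCP:
        if len(transport) < 20:
            raise ValueError("truncated TCP header")
        spt, dpt = struct.unpack("!HH", transport[:4])
        thl = (transport[12] >> 4) * 4  # TCP data offset, in 32-bit words
    elif ptl == IPPROTO_UDP:
        if len(transport) < 8:
            raise ValueError("truncated UDP header")
        spt, dpt = struct.unpack("!HH", transport[:4])
        thl = 8                         # UDP header is fixed-size
    return KeyField(_dotted(sip), _dotted(dip), spt, dpt, ihl, itl, thl, ptl)


# --- constructed sample input (builders are for the example only) ---------
def _ipv4(sip: str, dip: str, ptl: int, payload: bytes) -> bytes:
    """Minimal IPv4 datagram: no options, TTL 64, checksum left at zero."""
    def packed(a: str) -> bytes:
        return bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, ptl, 0,
                       packed(sip), packed(dip)) + payload


def _tcp(spt: int, dpt: int, data: bytes = b"") -> bytes:
    # data offset 5 (20-byte header), ACK flag set, window 8192
    return struct.pack("!HHIIBBHHH", spt, dpt, 0, 0, 5 << 4, 0x10, 8192, 0, 0) + data


def _udp(spt: int, dpt: int, data: bytes = b"") -> bytes:
    return struct.pack("!HHHH", spt, dpt, 8 + len(data), 0) + data


SAMPLE_DATAGRAMS = [
    _ipv4("10.0.0.5", "10.0.0.9", IPPROTO_TCP, _tcp(40001, 6881, b"ping")),
    _ipv4("10.0.0.9", "10.0.0.5", IPPROTO_UDP, _udp(6881, 40002, b"pong")),
    _ipv4("10.0.0.5", "10.0.0.9", 1, bytes(8)),   # ICMP: no ports, THL is 0
]

if __name__ == "__main__":
    for ipd in SAMPLE_DATAGRAMS:
        print(extract_key_field(ipd))
```

A real acquisition module would read IPD from a capture interface; everything after that point, including the rejection of datagrams whose header length field does not match the captured bytes, is what the function above does.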



Abstract

The invention discloses a method for detecting a peer-to-peer (P2P) botnet structure based on network flow clustering. In the method, detection of the P2P botnet structure is completed by the sequential execution of a real-time communication data acquisition module, a datagram record and filter module, a network flow extraction module, a network flow record and filter module, a network flow clustering module, and a data association and result display module. The basic idea of the method is that a defender identifies command and control communication in the communication data of the monitored network by exploiting the regularity of command and control communication between P2P botnet nodes, namely characteristics such as its duration, number of datagrams and number of bytes; from this the defender determines the command and control relationships between the P2P botnet nodes in the monitored network and thereby gives the P2P botnet structure. The main innovations are that communication network flows with similar characteristics are clustered by a clustering method, and the clusters are compared with the characteristics in a characteristic set of command and control communication, so that normal communication is distinguished from P2P botnet communication and the aim of detecting the P2P botnet structure is fulfilled.
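As an added example, not the patent's own code, the block below carries the abstract's pipeline through on constructed data: datagram records are grouped into network flows keyed by (SIP, DIP, SPT, DPT, PTL), each flow is described by the three characteristics the abstract names (duration, number of datagrams, number of bytes), flows with similar characteristics are clustered, and each cluster's mean characteristics are compared with a command and control characteristic set. The page does not say which clustering method or which characteristic values the patent uses; the greedy distance-threshold clustering, the `CC_CHARACTERISTICS` ranges and the sample records are all assumptions made for this example.

```python
"""Flow extraction, clustering and comparison with a C&C characteristic set.
Added sketch of the abstract's pipeline; clustering method, characteristic
ranges and sample records are assumptions, not taken from the patent."""
from dataclasses import dataclass
from math import sqrt
from typing import Dict, List, Set, Tuple

Record = Tuple[float, str, str, int, int, int, int]   # (ts, SIP, DIP, SPT, DPT, PTL, ITL)
FlowKey = Tuple[str, str, int, int, int]


@dataclass
class Flow:
    key: FlowKey
    first: float    # timestamp of the first datagram
    last: float     # timestamp of the last datagram
    datagrams: int  # number of datagrams in the flow
    nbytes: int     # sum of ITL over the flow

    def features(self) -> Tuple[float, float, float]:
        # the regularity the abstract names: duration, datagram count, byte count
        return (self.last - self.first, float(self.datagrams), float(self.nbytes))


def extract_flows(records: List[Record]) -> List[Flow]:
    """Network flow extraction: aggregate datagrams sharing (SIP, DIP, SPT, DPT, PTL)."""
    flows: Dict[FlowKey, Flow] = {}
    for ts, sip, dip, spt, dpt, ptl, itl in records:
        key = (sip, dip, spt, dpt, ptl)
        f = flows.get(key)
        if f is None:
            flows[key] = Flow(key, ts, ts, 1, itl)
        else:
            f.first = min(f.first, ts)
            f.last = max(f.last, ts)
            f.datagrams += 1
            f.nbytes += itl
    return list(flows.values())


def cluster_flows(flows: List[Flow], threshold: float = 0.25) -> List[List[Flow]]:
    """Assumed clustering: scale each feature by its maximum, then greedily join a
    flow to the nearest cluster centroid within `threshold`, else open a new cluster."""
    if not flows:
        return []
    maxes = [max(f.features()[i] for f in flows) or 1.0 for i in range(3)]
    scaled = [tuple(v / m for v, m in zip(f.features(), maxes)) for f in flows]
    members: List[List[int]] = []
    centroids: List[Tuple[float, ...]] = []
    for idx, vec in enumerate(scaled):
        best = None
        for c, cen in enumerate(centroids):
            d = sqrt(sum((a - b) ** 2 for a, b in zip(vec, cen)))
            if d <= threshold and (best is None or d < best[0]):
                best = (d, c)
        if best is None:
            members.append([idx])
            centroids.append(vec)
        else:
            c = best[1]
            members[c].append(idx)
            n = len(members[c])
            centroids[c] = tuple((cv * (n - 1) + v) / n for cv, v in zip(centroids[c], vec))
    return [[flows[i] for i in m] for m in members]


# Assumed C&C characteristic set: inclusive ranges on the cluster's mean
# (duration in seconds, datagrams, bytes). Real values would come from analysis.
CC_CHARACTERISTICS = {"duration": (0.5, 5.0), "datagrams": (2.0, 6.0), "bytes": (100.0, 600.0)}


def cluster_matches(cluster: List[Flow], chars=CC_CHARACTERISTICS) -> bool:
    n = len(cluster)
    mean = [sum(f.features()[i] for f in cluster) / n for i in range(3)]
    ranges = [chars["duration"], chars["datagrams"], chars["bytes"]]
    return all(lo <= v <= hi for v, (lo, hi) in zip(mean, ranges))


def detect_structure(records: List[Record], threshold: float = 0.25) -> Set[Tuple[str, str]]:
    """Data association: the (SIP, DIP) edges of flows in clusters that match the
    characteristic set form the inferred C&C relationships, i.e. the botnet structure."""
    edges: Set[Tuple[str, str]] = set()
    for cluster in cluster_flows(extract_flows(records), threshold):
        if cluster_matches(cluster):
            edges.update((f.key[0], f.key[1]) for f in cluster)
    return edges


# --- constructed sample records: three peers exchanging small periodic messages,
#     plus one bulk web transfer and one DNS query as normal traffic ---------------
def _periodic(sip, dip, spt, dpt, ptl, start, count, period, itl) -> List[Record]:
    return [(start + i * period, sip, dip, spt, dpt, ptl, itl) for i in range(count)]


SAMPLE_RECORDS: List[Record] = sorted(
    _periodic("10.0.0.1", "10.0.0.2", 6000, 6000, 17, 0.0, 4, 1.0, 80)
    + _periodic("10.0.0.2", "10.0.0.3", 6000, 6000, 17, 0.5, 4, 1.0, 80)
    + _periodic("10.0.0.3", "10.0.0.1", 6000, 6000, 17, 0.2, 3, 1.0, 80)
    + _periodic("10.0.0.1", "203.0.113.9", 51000, 80, 6, 0.0, 10, 1.0, 1500)
    + _periodic("10.0.0.2", "203.0.113.53", 52000, 53, 17, 4.0, 1, 1.0, 70),
    key=lambda r: r[0],
)

if __name__ == "__main__":
    for sip, dip in sorted(detect_structure(SAMPLE_RECORDS)):
        print(f"inferred C&C relationship: {sip} -> {dip}")
```

On the sample data the three peer flows land in one cluster whose mean characteristics fall inside the assumed ranges, while the bulk transfer and the single DNS datagram each form their own cluster and are not matched, so the returned edges are exactly the triangle of peer relationships. The comparison is made against the cluster mean rather than each flow, which is what lets a cluster of similar flows be judged as a whole.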

Description

Technical field

[0001] The invention relates to a method for discovering network structure, more particularly to a method for detecting P2P botnet structure based on network flow clustering.

Background technique

[0002] A botnet is a network composed of a large number of computer programs that control computer resources without authorization and can accept remote control commands to perform corresponding operations. It is a new attack method that evolved from traditional malicious code. It provides attackers with a hidden, flexible and efficient one-to-many command and control mechanism, which can control a large number of zombie hosts to achieve information theft, distributed denial of service attacks, spam sending and other attack purposes; among these, the one-to-many command and control mechanism is its essential feature. An attacker is a computer or person who, by using a computer network, takes actions to disrupt, block, impair or destroy information resid...


Application Information

IPC(8): H04L12/26, H04L29/06, H04L29/08
Inventor 夏春和段俊锋姚珊王海泉冯杰
Owner BEIHANG UNIV