Feature code generation method and detection method of mobile botnet

Botnet and feature code technology, applied in the field of mobile botnet feature code generation and mobile botnet detection. It addresses the problems that there has been almost no research on mobile botnet detection and little research on mobile botnet defense, and achieves a low false-positive rate.

Inactive Publication Date: 2012-01-25
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0005] In view of the security problems brought about by the emergence of mobile botnets described above, corresponding defense measures are needed to counter them. However, there is very little research on the defense of mobile botnets, and almost no research on their detection.

Embodiment Construction

[0027] In order to make the purpose, technical solution and advantages of the present invention clearer, the method for detecting mobile botnets provided in the embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0028] To detect a botnet, it is first necessary to understand its characteristics. Through long-term research the inventors have found the following: because a bot's response to command-and-control instructions is fixed when the bot is programmed, the behavior of bots in the same botnet is similar in time and space. This spatio-temporal similarity means that a large number of bots often act in coordination when maintaining connections, sending and receiving con...


Abstract

The invention provides a method for generating feature codes of a mobile botnet. The method comprises the following steps: capturing the network traffic of a suspicious host group; partitioning the traffic's data packets based on content and obtaining identical character strings; carrying out statistical analysis on the identical character strings, calculating the popularity of each string, and extracting the strings whose popularity exceeds a certain threshold value; and filtering the strings whose popularity exceeds the threshold, excluding common character strings, and taking the remaining strings as the feature codes. The invention further provides a method for detecting a mobile botnet using the generated feature codes. The method comprises the following steps: capturing the network traffic of a host group to be detected, where the traffic consists of data packets, each data packet has a packet header and a payload, and the header and payload are series of character strings; matching the character strings against the feature codes; determining successfully matched traffic to be that of a mobile-phone bot program, and recording its information; and releasing the traffic that does not match.
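The generation and detection steps from the abstract, sketched as an added Python example (not code from the patent or its authors). The delimiter-based partitioning, the host-share definition of popularity, the 0.6 threshold and all sample hosts, domains and strings are assumptions or constructed data.

```python
import re
from collections import defaultdict

# Assumptions (not from the patent text): chunk boundaries are delimiter bytes,
# popularity is the share of distinct hosts that sent a string, MIN_LEN drops noise.
DELIMS = re.compile(rb"[\s&=?;:,]+")
MIN_LEN = 6

def partition(payload):
    """Content-based partitioning: boundaries depend on bytes seen, not offsets."""
    return {c for c in DELIMS.split(payload) if len(c) >= MIN_LEN}

def generate_signatures(flows, common, threshold):
    """flows: (host, payload) pairs captured from the suspicious host group."""
    senders, hosts = defaultdict(set), set()
    for host, payload in flows:
        hosts.add(host)
        for s in partition(payload):
            senders[s].add(host)
    popular = {s for s, h in senders.items() if len(h) / len(hosts) > threshold}
    return popular - common  # exclude strings that are common in benign traffic

def detect(flows, signatures):
    """Return (hits, passed); each hit records the host and the matched codes."""
    hits, passed = [], []
    for host, payload in flows:
        matched = sorted(s for s in signatures if s in payload)
        if matched:
            hits.append((host, matched))
        else:
            passed.append(host)
    return hits, passed

# Constructed sample traffic (hypothetical hosts, domains and strings).
SUSPECT = [
    ("10.0.0.11", b"POST /sync HTTP/1.1\r\nHost: a.example.test\r\n\r\ntask=zx9poll&dev=a1"),
    ("10.0.0.12", b"POST /sync HTTP/1.1\r\nHost: b.example.test\r\n\r\ndev=b2&task=zx9poll"),
    ("10.0.0.13", b"POST /sync HTTP/1.1\r\nHost: c.example.test\r\n\r\ntask=zx9poll&dev=c3"),
    ("10.0.0.14", b"GET /news HTTP/1.1\r\nHost: d.example.test\r\n\r\n"),
]
COMMON = {b"HTTP/1.1", b"User-Agent", b"Content-Length"}
MONITORED = [
    ("10.0.1.20", b"POST /up HTTP/1.1\r\nHost: e.example.test\r\n\r\nv=2&task=zx9poll"),
    ("10.0.1.21", b"GET /index.html HTTP/1.1\r\nHost: f.example.test\r\n\r\n"),
]

if __name__ == "__main__":
    sigs = generate_signatures(SUSPECT, COMMON, threshold=0.6)
    print(sigs, detect(MONITORED, sigs))
```

Without the common-string filter, `HTTP/1.1` would also pass the popularity threshold and every HTTP flow would match, which is why the exclusion step matters for the false-positive rate.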

Description

Technical field

[0001] The invention relates to the technical field of mobile Internet security, in particular to a method for generating feature codes of a mobile botnet and a method for detecting a mobile botnet.

Background art

[0002] With the development of the mobile Internet and the gradual popularization of smartphones, smartphones have gained more powerful computing capability and more convenient network access, which provides a basis for the emergence and development of mobile botnets.

[0003] A mobile botnet is the extension of botnets to mobile terminals: a group of controllable mobile terminals established by an attacker through mobile phone bot programs. As with botnets on computer platforms, attackers operating a mobile botnet can use mobile terminals such as smartphones to conduct SMS flood attacks, send spam, order high-priced SP services and carry out other harmful behaviors. These behaviors greatly threaten the privacy and property security of m...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04W12/12, H04L29/06, H04W12/088, H04W12/121, H04W12/128
Inventor: 卢维清, 崔翔, 郭莉
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI