Domain name server (DNS) data packet-based bot-net domain name discovery method

A technique in the field of DNS packets and botnets, applied to botnet domain name discovery based on DNS packets, that addresses problems such as the difficulty of applying existing methods to large-scale networks, the inability to detect botnets effectively, and strong limitations.

Inactive Publication Date: 2012-09-19
XI AN JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

[0005] 2) Network-based detection methods place high requirements on data sources and are difficult to apply to large-scale networks because of complex data calculations.
[0006] 3) The dete


Embodiment Construction

[0044] In order to understand the method more clearly, the method will be further described in detail below through specific implementation manners in conjunction with the accompanying drawings.

[0045] Figure 1 is a schematic diagram of the co-occurrence behavior of botnets.

[0046] Regardless of whether a botnet has a centralized or distributed structure, and whether it uses the IRC or HTTP protocol, all botnets share the following common features: (1) Spatial groupness. The hosts are controlled by the same hacker or hacker organization, receive the same or coordinated attack commands, and follow the same network access rules. (2) Time continuity. Zombie hosts continuously access the relevant target servers (including control servers, update servers, etc.) over time, and always keep in touch with the zombie controller. Botnets usually use multiple different domain names in the process of command and control, and bot hosts will continue to access these specific domain names during their life cycle to maintain an...


Abstract

The invention discloses a domain name server (DNS) data packet-based bot-net domain name discovery method. DNS data packets are taken as the basic data source at the network layer, and, given that some of a bot-net's domain names are already known, a domain name co-occurrence scoring method uses the two key features of a bot-net, groupness and persistence, to track and discover further bot-net domain names. Over time, the known local features of a bot-net (manifesting as bot-net domain names) are updated or changed into unknown domain names; the method discovers these unknown domain names and discovers, masters and tracks the dynamic variations in the access behavior of a specified bot-net, so that the shortcomings of conventional bot-net detection methods are overcome. Because the method takes domain names as features, it avoids the limitations that bot-net protocol diversity, information encryption and the like impose on detection based on feature codes; and because it observes its object through the co-occurrence behavior of domain names, it can discover unknown bot-net domain names by making full use of the groupness and persistence of the bot-net.
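The co-occurrence idea described above, as an added example that is not code from the patent: hosts that query a known bot-net domain are tracked across time windows, and every other domain is scored by how much of its client set overlaps those hosts (groupness) and in how many windows that overlap recurs (persistence). The scoring formula, the threshold, the function names and the log records are assumptions constructed for illustration; the patent's own scoring function does not appear on this page.

```python
from collections import defaultdict

# Constructed DNS query log: (time window index, client IP, queried name).
DNS_LOG = [
    (0, "10.0.0.5", "c2-alpha.example"), (0, "10.0.0.5", "upd-beta.example"),
    (0, "10.0.0.6", "c2-alpha.example"), (0, "10.0.0.6", "upd-beta.example"),
    (0, "10.0.0.9", "news.example"),
    (1, "10.0.0.5", "c2-alpha.example"), (1, "10.0.0.5", "upd-beta.example"),
    (1, "10.0.0.6", "c2-alpha.example"), (1, "10.0.0.6", "upd-beta.example"),
    (1, "10.0.0.6", "news.example"),     (1, "10.0.0.9", "news.example"),
    (2, "10.0.0.5", "c2-alpha.example"), (2, "10.0.0.5", "upd-beta.example"),
    (2, "10.0.0.6", "c2-alpha.example"), (2, "10.0.0.7", "news.example"),
    (2, "10.0.0.9", "news.example"),
]

def cooccurrence_scores(log, seeds):
    """Score each non-seed domain as groupness * persistence (assumed formula)."""
    hosts_by_window = defaultdict(lambda: defaultdict(set))  # window -> domain -> hosts
    for window, client, qname in log:
        hosts_by_window[window][qname.lower().rstrip(".")].add(client)

    seed_hosts_all, cand_hosts_all = set(), defaultdict(set)
    cooccur_windows = defaultdict(int)
    for domains in hosts_by_window.values():
        # Hosts that queried any known bot-net domain in this window.
        seed_hosts = set().union(*(domains.get(s, set()) for s in seeds))
        seed_hosts_all |= seed_hosts
        for name, hosts in domains.items():
            if name in seeds:
                continue
            cand_hosts_all[name] |= hosts
            if hosts & seed_hosts:  # co-occurs with a seed domain in this window
                cooccur_windows[name] += 1

    total_windows = len(hosts_by_window)
    scores = {}
    for name, hosts in cand_hosts_all.items():
        # Groupness: Jaccard overlap between the candidate's clients and seed hosts.
        groupness = len(hosts & seed_hosts_all) / len(hosts | seed_hosts_all)
        # Persistence: share of windows in which the co-occurrence was observed.
        persistence = cooccur_windows[name] / total_windows
        scores[name] = round(groupness * persistence, 3)
    return scores

def rank_candidates(log, seeds, threshold=0.5):
    """Return candidate domains at or above the threshold, highest score first."""
    scores = cooccurrence_scores(log, seeds)
    return sorted((n for n, s in scores.items() if s >= threshold),
                  key=lambda n: -scores[n])
```

With `c2-alpha.example` as the only known domain, `upd-beta.example` is queried by the same hosts in every window and ranks as a candidate, while `news.example`, which one infected host happens to visit once, scores far below the threshold.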

Description

Technical field

[0001] The method relates to the field of computer network security, and to a method for discovering botnet domain names, in particular a method for discovering botnet domain names based on DNS data packets.

Background

[0002] A botnet is a collection of zombie hosts (zombies) infected by a bot program (bot) and having a command-and-control relationship. These zombie hosts are distributed across homes, enterprises, government agencies and other settings; they receive instructions from the controller (botmaster) and carry out various network attacks such as DDoS, information theft, phishing, spam, advertising abuse, and illegal voting, posing a serious security threat. One-to-many command and control (C&C) is the fundamental feature that distinguishes botnets from traditional attack technologies such as viruses, Trojan horses and backdoors.

[0003] At present, the traditional method of botnet detection is to use signature c...


Application Information

IPC(8): H04L29/06
Inventor: 王志文, 刘璐, 陶敬, 马小博, 周文瑜
Owner XI AN JIAOTONG UNIV