
Method for detecting botnet based on similarity measurement of host flow power spectrum

A botnet detection technique based on similarity measurement of host traffic power spectra. It addresses problems such as the poor effectiveness of existing methods against P2P botnets.

Inactive Publication Date: 2015-02-25
PLA PEOPLES LIBERATION ARMY OF CHINA STRATEGIC SUPPORT FORCE AEROSPACE ENG UNIV

AI Technical Summary

Problems solved by technology

The purpose of this method is to identify homologous botnets that use different IRC control servers. It is only suitable for IRC-type botnets, and it is less effective for new P2P botnets.


Embodiment Construction

[0096] The invention proposes a botnet detection method based on the similarity measurement of the power spectrum of host traffic. The power spectrum sequence of each host's traffic is obtained by discrete Fourier transform, and the optimized DTW distance between the power spectrum sequences of each host pair is calculated. The reliability of each host pair's state is then computed, and the magnitude of that value is used to judge whether a botnet exists in the detected network, thereby realizing detection of the botnet.

[0097] The method of the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0098] The basic implementation process of the botnet detection method based on the similarity measurement of host traffic power spectrum is shown in Figure 2. The specific implementation steps are:

[0099] Step 1. Network egress traffic data collection

[0100] Based on libpcap / winpcap and other too...


Abstract

The invention discloses a method for detecting a botnet based on similarity measurement of host traffic power spectrum, and belongs to the field of network communication security. After the acquired network egress traffic data is preprocessed, it is described using an autocorrelation function, and the traffic power spectrum sequence of each host is obtained through the DFT of that autocorrelation function. The optimized DTW distance between the power spectrum sequences of each host pair is calculated, and host pairs whose optimized DTW distance is lower than a threshold are put into a host pair set. Finally, the reliability of the state of each host pair in the set is calculated using a space-time association algorithm, and whether a botnet exists in the detected network is determined according to the reliability value, thereby realizing detection of the botnet. Using the optimized DTW distance to describe the similarity of the host pairs' traffic power spectra prevents individual differences between zombie hosts from degrading detection. Using the space-time association algorithm to analyze the reliability of the host pairs' state makes full use of the dependence of host traffic in time and space, and improves the detection effect.
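The first stages of the pipeline in the abstract (autocorrelation, DFT, pairwise DTW, threshold) can be sketched as follows. This is an added example, not code from the patent: it uses textbook DTW in place of the "optimized" DTW the page does not describe, omits the space-time association step, and the host names, sample series and threshold are constructed for illustration.

```python
import cmath
import math
from itertools import combinations

def autocorrelation(x):
    """Biased sample autocorrelation of the mean-removed series, lags 0..n-1."""
    n = len(x)
    mean = sum(x) / n
    d = [v - mean for v in x]
    return [sum(d[i] * d[i + k] for i in range(n - k)) / n for k in range(n)]

def power_spectrum(x):
    """|DFT| of the autocorrelation, bins 0..n/2, normalised to sum to 1."""
    r = autocorrelation(x)
    n = len(r)
    mags = [abs(sum(r[t] * cmath.exp(-2j * math.pi * f * t / n) for t in range(n)))
            for f in range(n // 2 + 1)]
    total = sum(mags) or 1.0  # an all-constant series has an all-zero spectrum
    return [m / total for m in mags]

def dtw(a, b):
    """Textbook DTW distance with absolute-difference cost (assumption: the
    patent's 'optimized' variant is not described on the page)."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

def similar_pairs(series_by_host, threshold):
    """Host pairs whose spectra are closer than the threshold (the host pair set)."""
    spectra = {h: power_spectrum(s) for h, s in series_by_host.items()}
    return sorted((a, b) for a, b in combinations(sorted(spectra), 2)
                  if dtw(spectra[a], spectra[b]) < threshold)

# Constructed sample: packets per interval over 64 intervals (not real captures).
SAMPLE = {
    "host-a": [20 if i % 8 == 0 else 1 for i in range(64)],  # beacon every 8 intervals
    "host-b": [35 if i % 8 == 3 else 2 for i in range(64)],  # same period, other volume and phase
    "host-c": [60 if i == 20 else 3 for i in range(64)],     # one isolated burst
}
THRESHOLD = 0.1  # hypothetical value chosen for this sample

if __name__ == "__main__":
    print(similar_pairs(SAMPLE, THRESHOLD))
```

Mean removal and normalisation make the spectrum independent of each host's traffic volume, so the two beaconing hosts pair up despite different packet counts and phase, while the host with a single burst stays outside the set.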

Description

Technical field

[0001] The invention relates to the field of network communication security, in particular to a botnet detection method based on the similarity measurement of the power spectrum of host traffic.

Background technique

[0002] A botnet is a network of hosts that an attacker controls for malicious purposes by spreading a bot program and operating a one-to-many command and control (C&C) channel. Botnets provide attackers with a hidden, flexible and efficient one-to-many command and control mechanism. Botnet controllers can direct a large number of zombie hosts to carry out information theft, distributed denial-of-service attacks, and spam sending. Botnets are entering a period of rapid development, posing a serious threat to Internet security.

[0003] Representative detection strategies for botnets at home and abroad mainly include detection based on honeypot technology, detection based on terminal information and detection ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
Inventor: 邹鹏郑黎明李润恒贾焰王宇韩伟杰
Owner: PLA PEOPLES LIBERATION ARMY OF CHINA STRATEGIC SUPPORT FORCE AEROSPACE ENG UNIV