Zombie network detection method and device

A botnet detection method and device, applied in electrical components, transmission systems, etc. It addresses the problems that botnets cannot be responded to in real time and that the manual analysis workload is heavy, and achieves efficient and safe network communication with a reduced workload.

Active Publication Date: 2013-02-13
UNITED ELECTRONICS

AI Technical Summary

Problems solved by technology

[0009] The honeypot-based system captures botnets using a purpose-built honeypot and passively waits for the botnet to intrude and take control. Its disadvantages are that it cannot respond to the botnet in real time and that the subsequent manual analysis workload is heavy.


Embodiment Construction

[0030] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to specific embodiments and accompanying drawings.

[0031] In the botnet monitoring method of this embodiment, network detection equipment is deployed. First, packet feature detection is performed according to the rule base: the communication packets between the controller and the IRC server, and between the IRC server and the zombie hosts, are monitored and discarded, thereby blocking the communication of the botnet. Then the detection device establishes a monitoring table of controllers, bots and IRC servers, and performs subsequent behavior analysis and monitoring of the IRC botnet so as to clearly identify its various roles, such as the IRC server, the controller and the zombie hosts.

[0032] figure 1 Schematic diagram of issuing and forwarding botnet attack i...


Abstract

The invention discloses a botnet (zombie network) detection method and device. The botnet detection method comprises the following steps: carrying out botnet feature detection and extracting botnet information; performing behavior detection and monitoring according to the botnet information and storing the botnet information in a monitoring table; scanning the monitoring table at regular intervals; and writing the botnet information scanned from the monitoring table into a database to be written. The botnet detection device is used for carrying out botnet detection according to the botnet detection method provided by the invention.
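The steps in the abstract and in paragraph [0031] can be sketched as follows. This is an added example, not code from the patent: the rule pattern, the role inference from packet direction (client to server means controller, server to client means bot), the idle-expiry policy, the table layout and the sample packets are all assumptions made for illustration.

```python
import re
import sqlite3

IRC_PORT = 6667  # assumption: plaintext IRC on its default port
# Constructed rule base: a command-like token at the start of a channel message/topic.
RULES = [re.compile(r"^(?::\S+ )?(?:PRIVMSG|TOPIC) #\S+ :[.!](?:scan|update)\b")]

def inspect(pkt, table):
    """Feature detection. Returns True when the packet matches a rule (drop it)."""
    src, sport, dst, dport, ts, payload = pkt
    if not any(rule.search(payload) for rule in RULES):
        return False
    if dport == IRC_PORT:    # client -> server: sender issued the command
        roles = {src: "controller", dst: "irc_server"}
    elif sport == IRC_PORT:  # server -> client: receiver is being commanded
        roles = {src: "irc_server", dst: "bot"}
    else:
        return False
    for ip, role in roles.items():  # record extracted info in the monitoring table
        first, _, hits = table.get((ip, role), (ts, ts, 0))
        table[(ip, role)] = (first, ts, hits + 1)
    return True

def scan_table(table, db, now, max_idle=300.0):
    """Timed scan: persist every entry, then expire entries idle > max_idle seconds."""
    db.execute("CREATE TABLE IF NOT EXISTS botnet_info (ip TEXT, role TEXT, "
               "first_seen REAL, last_seen REAL, hits INTEGER, PRIMARY KEY (ip, role))")
    for (ip, role), (first, last, hits) in list(table.items()):
        db.execute("INSERT OR REPLACE INTO botnet_info VALUES (?, ?, ?, ?, ?)",
                   (ip, role, first, last, hits))
        if now - last > max_idle:  # assumed expiry policy, not stated in the patent
            del table[(ip, role)]
    db.commit()
    return db.execute("SELECT ip, role, hits FROM botnet_info ORDER BY ip, role").fetchall()

# Constructed sample traffic: (src, sport, dst, dport, timestamp, payload).
SAMPLE = [
    ("198.51.100.7", 40000, "203.0.113.5", 6667, 10.0, "PRIVMSG #chan :.scan start"),
    ("203.0.113.5", 6667, "192.0.2.21", 51000, 10.1, ":ctl!u@h PRIVMSG #chan :.scan start"),
    ("203.0.113.5", 6667, "192.0.2.22", 51001, 10.2, ":ctl!u@h PRIVMSG #chan :.scan start"),
    ("192.0.2.30", 52000, "203.0.113.5", 6667, 11.0, "PRIVMSG #chan :hello everyone"),
]

def run_demo():
    table, db = {}, sqlite3.connect(":memory:")
    dropped = [inspect(pkt, table) for pkt in SAMPLE]
    return dropped, scan_table(table, db, now=20.0), table

if __name__ == "__main__":
    print(run_demo()[:2])
```

The ordinary chat message from 192.0.2.30 passes through untouched and never enters the monitoring table, while the IRC server accumulates one hit per matched packet in either direction.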

Description

Technical field

[0001] The present invention relates to computer networks, in particular to a method and device for detecting botnets.

Background technique

[0002] Botnet refers to a one-to-many controllable network formed between the controller and the infected host by infecting a large number of hosts with bot virus by one or more means of propagation. Attackers spread bots through various ways to infect a large number of hosts on the Internet, and the infected hosts will receive the attacker's instructions through a control channel to form a botnet.

[0003] A botnet is a group of computers on the Internet that are centrally controlled by hackers, and are often used by hackers to launch large-scale network attacks, such as distributed denial of service attacks and massive spam attacks. It is a one-to-many control relationship, and the reason for this topology relationship enables an attacker to efficiently control a large number of resources to serve it at a very low co...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 李安坤, 吴烜, 丁洪震
Owner: UNITED ELECTRONICS