Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Zombie host detection method, detection device and firewall

A zombie host and detection method technology, which is applied in the field of network security, can solve the problems of low accuracy of zombie host detection methods, achieve the effects of reducing the misjudgment rate of zombie detection, improving the detection rate, and solving low accuracy

Active Publication Date: 2016-12-28
HILLSTONE NETWORKS CO LTD
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] The main purpose of the present invention is to provide a zombie host detection method, detection device and firewall, to solve the problem of low accuracy of the zombie host detection method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Zombie host detection method, detection device and firewall
  • Zombie host detection method, detection device and firewall
  • Zombie host detection method, detection device and firewall

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0038] Firstly, an embodiment of the detection method for a zombie host provided by the present invention is introduced.

[0039] figure 1 The flow chart of the detection method of zombie host according to the embodiment of the present invention, as figure 1 As shown, the detection method includes the following steps S102 to S108.

[0040] Step S102: Detect the network behavior of the internal host of the gateway to obtain the host behavior.

[0041] This step can be realized by a detection engine, which can be composed of a series of engines to detect the network behavior of the detected host from different aspects, such as malicious URL / IP detection engine, signature matching detection eng...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a detection method, a detection device and a firewall for a zombie host. The detection method comprises the following steps of: detecting network behaviors of an internal host of a gateway to obtain host behaviors; identifying the host behaviors to obtain behavior characteristics of the host behaviors; judging whether the host behaviors belong to behaviors in a preset behavior library according to the behavior characteristics, wherein the preset behavior library comprises a plurality of behaviors of the zombie host; and when the host behaviors belong to the behaviors in the preset behavior library, judging whether the internal host of the gateway is a zombie host according to the host behaviors. According to the detection method, the detection device and the firewall, the detection ratio of the zombie host is improved, and the misjudgment ratio of zombie detection is reduced.

Description

technical field [0001] The invention relates to the field of network security, in particular to a detection method, a detection device and a firewall of a zombie host. Background technique [0002] Botnet (Botnet) is a common threat in various networks. It sends malicious codes to hosts through various forms such as emails and web scripts and executes them, so as to achieve the purpose of controlling hosts to become zombie hosts (Zombie). Its main hazards include attacking a certain service on the external network or stealing sensitive corporate information. Once these attacks occur, it will consume a lot of network resources and may leak corporate secrets. Therefore, it is necessary to detect possible zombie hosts as early as possible in the early stage of the attack, so as to avoid the expansion of the threat range. [0003] Traditional methods for detecting zombie hosts can be roughly divided into two types: the first type is the method of feature matching, and the secon...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 周明中周伦
Owner HILLSTONE NETWORKS CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com