Detection and processing method and system for botnet domain names

A botnet domain name detection and processing technology, applied in the field of domain name detection and processing, which addresses problems such as the difficulty of tracking and blocking criminal behavior and helps prevent bad behavior on the network.

Active Publication Date: 2013-06-12
CHINA INTERNET NETWORK INFORMATION CENTER
8 Cites, 31 Cited by

AI Technical Summary

Problems solved by technology

This mechanism of constantly changing DNS records makes it more difficult to track and block criminal activities.



Embodiment Construction

[0033] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings. It should be understood that the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort fall within the protection scope of the present invention.

[0034] The present invention first establishes a botnet domain name sample collection from various open botnet domain names; then, according to the general activity rules of botnets, it proposes the following machine learning features:

[0035] 1) Daily similarity: By calculating the gap between the daily query volume of a domain name, it can be judged whether the domain name has similar activitie...
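A sketch of how a daily-similarity feature of the kind named in [0035] can be computed from DNS query logs. This is an added example, not code or a formula from the patent: the paragraph is truncated on this page, so the metric (one minus the mean relative gap between consecutive days' query volumes), the `YYYY-MM-DD client qname` log format, and all function names are assumptions, and the log data is constructed.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

def daily_volumes(log_lines):
    """Count queries per domain per day from 'YYYY-MM-DD client qname' lines."""
    volumes = defaultdict(Counter)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records instead of guessing fields
        try:
            day = date.fromisoformat(parts[0])
        except ValueError:
            continue
        volumes[parts[2].rstrip(".").lower()][day] += 1
    return volumes

def daily_similarity(per_day, first, last):
    """Assumed metric: 1 - mean relative gap between consecutive days."""
    n_days = (last - first).days + 1
    series = [per_day.get(first + timedelta(days=i), 0) for i in range(n_days)]
    if len(series) < 2:
        return None  # one day of data says nothing about day-to-day change
    gaps = [abs(a - b) / max(a, b) if max(a, b) else 0.0
            for a, b in zip(series, series[1:])]
    return 1.0 - sum(gaps) / len(gaps)

def sample_log():
    """Constructed data: a steady and a bursty domain over four days."""
    counts = {"steady.example": [40, 42, 41, 40],
              "bursty.example": [5, 60, 0, 20]}
    lines = ["not a log line"]  # malformed record, must be ignored
    for qname, series in counts.items():
        for i, n in enumerate(series):
            day = (date(2013, 1, 1) + timedelta(days=i)).isoformat()
            lines += [f"{day} 192.0.2.{k % 250 + 1} {qname}" for k in range(n)]
    return lines

def features(log_lines, first, last):
    """Feature value per domain, ready to feed a classifier."""
    return {q: round(daily_similarity(v, first, last), 3)
            for q, v in daily_volumes(log_lines).items()}

if __name__ == "__main__":
    print(features(sample_log(), date(2013, 1, 1), date(2013, 1, 4)))
```

Days with no queries inside the window count as zero volume, so a domain that goes silent for a day scores as dissimilar rather than being skipped.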


Abstract

The invention relates to a detection and processing method and system for botnet domain names. The detection and processing system is composed of an input module, an output module, a real-time calibration module and a processing module. The method comprises the following steps:

1) carrying out a log query on a network domain name to be detected, obtaining a log record of the domain name query, and inputting the log record to a detection port;
2) extracting the characteristics of the domain name from the log record of the domain name query, and carrying out machine learning on those characteristics;
3) after the machine learning, extracting the botnet domain names in a domain name on an outgoing line and/or a local domain name log; and
4) building a database of the botnet domain names, carrying out breakdown through a black hole authoritative server, and finishing the processing.

With this detection and processing method and system, botnet domain names can be extracted from a domain name server (DNS) to be broken down and separated so as to crack down on botnet crimes; at the same time the botnet domain names are collected, and the network bad action in which a botnet host connects to a controlling end through the domain names to receive vicious commands is effectively prevented.

Description

Technical field

[0001] The invention relates to a domain name detection and processing method and system, in particular to the detection and processing of botnet domain names.

Background technique

[0002] With the development of social informatization, the Internet has penetrated into all aspects of social life. Security attacks on the Internet are therefore becoming more frequent and serious. As the most basic addressing protocol of the Internet, DNS is the basis for the smooth development of almost all Internet applications; the failure to fully consider security guarantees at the beginning of its design, together with its completely open nature, also makes it a preferred attack target or tool for various malicious applications.

[0003] A botnet is a very harmful and serious form of malicious Internet attack, and in order to hide the botnet's command and control end, DNS has become the mainstream form of communication for botnets in recent years. Its...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/12, H04L12/26
Inventor: 延志伟
Owner: CHINA INTERNET NETWORK INFORMATION CENTER