Unlock instant, AI-driven research and patent intelligence for your innovation.

A malicious code infection host scale estimation system and method

A malicious code and host technology, applied in the field of network communication security, can solve security risks, affect data integrity, privacy protection and other issues, and achieve strong practicability, easy deployment and implementation

Active Publication Date: 2016-01-06
XI AN JIAOTONG UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this approach faces privacy protection issues
On the one hand, users do not cooperate with the deployment of this type of client because they are unwilling to be monitored, which greatly affects the integrity of the data; on the other hand, this host-side monitoring method may be used as a backdoor program, causing serious security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A malicious code infection host scale estimation system and method
  • A malicious code infection host scale estimation system and method
  • A malicious code infection host scale estimation system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018] The technical solution of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0019] see figure 1 As shown, the system for estimating the scale of malicious code-infected hosts in a specific area based on DNS cache detection includes a DNS resolver search module, a DNS detection module, and a malicious code-infected host scale estimation module.

[0020] The DNS resolver search module is used to search for a DNS resolver that can be used as a probe within a specific area (for example, a geographical area, such as a specified country, province, or city). Each DNS resolver output by this module corresponds to a network domain that can be used to estimate the scale of malicious code infected hosts.

[0021] The DNS detection module is used to detect in real time the cached information of the command and control domain names of one or more malicious codes in the DNS resolver provided by the DNS resolver search module, as...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a DNS cache detection-based system and method for estimating the scale of hosts infected by appointed malicious codes. The system comprises three main modules which are a specific region DNS resolver search module, a DNS detection module and a malicious code infecting host scale estimation module. DNS resolvers in a specific region are detected, cache information of malicious domain names in each DNS resolver is collected, a mixing index estimation model is built on the basis of the information, and the scale of the hosts, infected by the malicious codes, in a corresponding network domain is estimated. The system effectively resolves problems in privacy protection, network authorization and other traditional monitoring methods.

Description

technical field [0001] The invention relates to the field of network communication security, in particular to a system and method for estimating the scale of a malicious code infected host. Background technique [0002] Accurately and effectively obtaining the scale of malware-infected hosts is of great significance for in-depth analysis and research on its propagation mechanism and the degree of damage to the Internet. Unfortunately, although this valuable information is necessary for early malicious code prevention and situational assessment, network administrators are often reluctant to disclose malicious code infections within their networks due to several factors. In order to understand the infection situation of malicious codes, a common method is to deploy an information collection client on the user host, for example, record the URL accessed by the user host in the form of a browser plug-in. However, this approach faces privacy protection issues. On the one hand, u...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
Inventor 陶敬马小博李剑锋管晓宏周文瑜周天邹孙颖胡文君
Owner XI AN JIAOTONG UNIV