A botnet detection method and system based on gateway and local

A detection method and gateway technology, applied in the field of information security, that addresses the problem of protocol identification being unable to distinguish malicious from normal behavior, and that is easy to extend, easy to add to and remove from, and convenient to handle.

Active Publication Date: 2017-11-28
SHENZHEN ANZHITIAN INFORMATION TECH

AI Technical Summary

Problems solved by technology

Protocol identification has even more difficulty distinguishing malicious code exploits from normal behavior.


Embodiment Construction

[0032] The present invention provides a gateway-based and local Botnet detection method and system. To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above objects, features and advantages of the present invention more apparent, the technical solution is described in further detail below with reference to the accompanying drawings:

[0033] The present invention first provides an embodiment of a gateway-based and local Botnet detection method, as shown in Figure 1, including:

[0034] S101: perform host traffic monitoring, capture network data packets in real time, and proceed to S102. S111: perform gateway traffic monitoring, capture network data packets in real time, and proceed to S112 or S122;

[0035] S112 parses the network data packet captured by the gateway flow monitori...


Abstract

The invention discloses a gateway-based and local Botnet detection method and system. First, host traffic monitoring and gateway traffic monitoring are carried out separately, and network data packets are captured in real time. The packets are parsed to obtain their content information and time information. The content similarity between data packets, the time similarity between data packets, or the host network behavior is then judged; these three detection operations are combined as needed, each with its own weight, and the total weight is compared with a warning value. If the total weight reaches the warning value, a Botnet is considered to be present and an alarm is raised; otherwise it is considered safe. The technical solution provided by the present invention solves the problem of detection lag in signature code scanning and network traffic technology and, unlike honeypot technology, does not require building a cluster, saving resources and time.
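
The weighted decision described in the abstract, as an added example that is not code from the patent. The similarity metrics (pairwise `difflib` ratio for content, regularity of inter-arrival gaps for time), the weights, the thresholds and the sample packets are all assumptions, since the patent leaves them to be set as needed.

```python
from difflib import SequenceMatcher
from itertools import combinations
from statistics import mean, pstdev

# Assumed values: the patent only says weights and a warning value are set as needed.
WEIGHTS = {"content": 0.4, "time": 0.4, "host": 0.2}
WARNING_VALUE = 0.6

def content_similarity(payloads):
    """Mean pairwise similarity of payloads, 0..1 (metric is an assumption)."""
    pairs = list(combinations(payloads, 2))
    if not pairs:
        return 0.0
    return mean(SequenceMatcher(None, a, b).ratio() for a, b in pairs)

def time_similarity(timestamps):
    """Regularity of inter-arrival gaps: 1 - stdev/mean, clamped to 0..1."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2 or mean(gaps) <= 0:
        return 0.0
    return max(0.0, 1.0 - pstdev(gaps) / mean(gaps))

def score_flow(packets, host_suspicious, threshold=0.8):
    """packets: (timestamp, payload) tuples from one host to one destination.
    host_suspicious: verdict of the host network behavior check (an input here)."""
    packets = sorted(packets)
    hits = {
        "content": content_similarity([p for _, p in packets]) >= threshold,
        "time": time_similarity([t for t, _ in packets]) >= threshold,
        "host": bool(host_suspicious),
    }
    total = sum(WEIGHTS[name] for name, hit in hits.items() if hit)
    return total, total >= WARNING_VALUE, hits

# Constructed sample flows (not real captures).
BEACON = [(0.0, b"PING id=7f3a seq=1"), (60.1, b"PING id=7f3a seq=2"),
          (119.9, b"PING id=7f3a seq=3"), (180.0, b"PING id=7f3a seq=4")]
BROWSE = [(0.0, b"GET /index.html HTTP/1.1"), (2.3, b"GET /css/site.css HTTP/1.1"),
          (47.0, b"POST /login HTTP/1.1"), (48.2, b"GET /img/logo.png HTTP/1.1")]

if __name__ == "__main__":
    for name, flow in (("beacon", BEACON), ("browse", BROWSE)):
        total, alarm, hits = score_flow(flow, host_suspicious=False)
        print(f"{name}: total weight {total:.1f}, alarm={alarm}, hits={hits}")
```

With these assumed weights, no single detection reaches the warning value on its own; the regular, near-identical beacon flow alarms because the content and time detections fire together.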

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a gateway-based and local Botnet detection method and system.

Background

[0002] With the rapid upgrading of software and hardware and the popularization of the Internet, malicious code has evolved accordingly, growing geometrically in both quantity and variety. One major category of malicious code is the Botnet. A Botnet is formed by using a variety of propagation methods to infect a large number of hosts with bot programs, creating a network in which a controller can control the infected hosts one-to-many. Botnets are at the forefront of malicious code.

[0003] Since 1993, when Eggdrop, the first Bot tool, appeared on the IRC chat network, various Botnet malicious codes such as TFN, TFN2K, Trinoo, GTBot, Sdbot, Agobot, Gaobot, RBot, Spybot, and Phatbot have appeared one af...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/26, H04L29/06
Inventor: 刘佳男, 宋兵, 李柏松
Owner: SHENZHEN ANZHITIAN INFORMATION TECH