A method for tracking a backbone network botnet based on a distributed space-time mechanism

A botnet, distributed technology, applied in the field of backbone network botnet tracking based on distributed space-time mechanism, to avoid passivation

Inactive Publication Date: 2014-11-05
南京烽火星空通信发展有限公司

AI Technical Summary

Problems solved by technology

The main problem with this type of method is that honeypots can only passively detect some botnet information

Embodiment Construction

[0020] The structure of this patent application is shown in Figure 1. It includes a network traffic probe, macro distribution feature extraction engine, IP classifier, distributed mechanism discrimination engine, DNS anomaly detection engine, DNS whitelist, Fast Flux DNS detection module, secondary probe, and access behavior iterator.

[0021] The working steps of the backbone network botnet tracking method in the network security field described in this patent application are as follows:

[0022] (1) The traffic probe sends the DNS data in the traffic to the DNS abnormal traffic detection engine, which uses the whitelist to filter and then sends the DNS access data to the Fast Flux DNS detection module to detect domain names with Fast Flux DNS features;

[0023] (2) The traffic probe sends the TCP handshake message and end message in the traffic to the macro distribution feature extraction engine to obtain the IP address data represented by the macro distribution fe...


Abstract

A method is provided for tracking a backbone network botnet based on a distributed space-time mechanism. In this method, a traffic probe sends the DNS data in the traffic to a DNS abnormal traffic detection engine, which filters it using a whitelist and sends the DNS access data to a Fast Flux DNS detection module to detect domain names with Fast Flux DNS characteristics. The traffic probe sends the TCP handshake messages and end messages in the traffic to a macro distribution characteristic extraction engine to obtain the IP address data represented by the macro distribution characteristic; an IP cluster executes clustering to obtain the IP prefix showing abnormal behavior and sends that IP prefix to a distributed mechanism determination engine, which extracts the abnormal IP behavior features. A secondary probe filters on the domain names with Fast Flux DNS characteristics and on the abnormal IP behavior features, and the filtered result is fed to an iterator, which iterates and outputs intermediate node information. The secondary probe and the iterator repeat this iteration until the secondary probe produces no output; at that point, the intermediate node information is the highest-level botnet node that can be tracked.
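The probe-and-iterate loop from the abstract, as an added example (not code from the patent). The flow records, the seed set standing in for the Fast Flux and abnormal-prefix results, the source-side probe filter and the fan-in threshold are all assumptions, since the page does not say how the iterator derives intermediate nodes.

```python
from collections import defaultdict

# Constructed flow records (src, dst); documentation-range addresses only.
FLOWS = [
    ("198.51.100.11", "203.0.113.5"), ("198.51.100.12", "203.0.113.5"),
    ("198.51.100.13", "203.0.113.6"), ("198.51.100.14", "203.0.113.6"),
    ("198.51.100.11", "192.0.2.80"),            # unrelated single contact
    ("203.0.113.5", "203.0.113.200"), ("203.0.113.6", "203.0.113.200"),
]
# Assumed output of the two first-stage branches: hosts flagged through
# Fast Flux domains or abnormal IP prefixes.
SEEDS = {"198.51.100.11", "198.51.100.12", "198.51.100.13", "198.51.100.14"}


def secondary_probe(flows, watched):
    """Keep only flows that originate from a currently watched node."""
    return [(s, d) for s, d in flows if s in watched]


def iterate_once(hits, min_fan_in=2):
    """Destinations shared by at least min_fan_in distinct watched sources."""
    sources = defaultdict(set)
    for src, dst in hits:
        sources[dst].add(src)
    return {dst for dst, srcs in sources.items() if len(srcs) >= min_fan_in}


def track(flows, seeds, min_fan_in=2):
    """Return (levels, top): the node set found per round and the last one."""
    watched, seen, levels = set(seeds), set(seeds), []
    while True:
        hits = secondary_probe(flows, watched)
        if not hits:                    # the page's stop condition
            break
        nxt = iterate_once(hits, min_fan_in) - seen   # drop revisits (loops)
        if not nxt:                     # added guard: nothing new to follow
            break
        levels.append(nxt)
        seen |= nxt
        watched = nxt
    return levels, (levels[-1] if levels else set())


if __name__ == "__main__":
    print(track(FLOWS, SEEDS))
```

The fan-in threshold is what keeps a destination contacted by a single flagged host out of the next round; on real backbone data it would need tuning against popular benign services.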

Description

[0001] Technical field

[0002] This patent application relates to a backbone network botnet tracking method in the field of network security, which mainly uses the distributed space-time mechanism to track nodes at all levels of the botnet.

[0003] Background technique

[0004] Now botnets have become an important issue affecting network security, but botnets are difficult to be tracked and traced due to their multi-level characteristics.

[0005] In order to solve this problem, the current common practice is to conduct honeypot processing, extract and summarize the information of the botnet and then track it on the backbone network. The main problem with this type of method is that honeypots can only passively detect some botnet information. If you need to actively obtain traces of the botnet, you need to use the behavioral characteristics of the botnet when it is active.

[0006] The distributed space-time mechanism of this application refers to the IP clustering beh...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L12/26, H04L29/06, H04L29/12
Inventor: 邢苏霄彭艳兵汪洋程光易黎李渊胡蓓蓓吴桦
Owner: 南京烽火星空通信发展有限公司