Botnet, Trojan horse and worm network analysis method and system based on logs

A botnet analysis method, applied in the field of botnet analysis based on DNS logs and RADIUS logs, addressing the problem that existing approaches have no way to discover unknown zombie hosts or bot programs.

Active Publication Date: 2015-04-29
BEIJING RUNSTONE TECH
Cites: 3 | Cited by: 17




Embodiment Construction

[0063] The implementation of the present invention is described in detail below with reference to the accompanying drawings and examples, so that the process of applying technical means to solve the technical problems and achieve the technical effects of the invention can be fully understood and implemented. It should be noted that, provided there is no conflict, the embodiments of the present invention and the features within each embodiment may be combined with each other, and the technical solutions so formed all fall within the protection scope of the present invention.

[0064] To address the above problems, the present invention builds on the big-data analysis platform HADOOP and combines user online-behaviour logs (DNS logs) with RADIUS logs to analyze the common behavioural characteristics of known botnet and worm domains and of the hosts they infect, to find suspected control hosts, and to dig out a relatively complete panorama of the botnet.

[0065] Among them, this technica...



Abstract

The invention discloses a log-based method for analyzing botnets, Trojan horse and worm networks. The method comprises: step 1, obtaining a DNS log and a RADIUS log, where the DNS log comprises date, time, visit information, requesting-IP information, requested-domain-name information, domain name request characteristics, type analysis, IP information analysis and DNS server characteristic information; step 2, cleaning the DNS log and the RADIUS log, deleting fields that have no influence on the statistics and retaining or modifying fields that influence the statistical result; step 3, obtaining suspicious domain names that conform to specific characteristics, derived from the common behavioural characteristics of known botnet, Trojan horse and worm networks and of computers infected with botnet, Trojan horse and worm malware; step 4, according to the DNS log and RADIUS log entries of the users visiting each suspicious domain name, analyzing the characteristics of the user group that visits it, and determining from those user-group characteristics whether the domain name belongs to a botnet, Trojan horse or worm network.
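The four steps of the abstract (and the HADOOP-based pipeline summarised in paragraph [0064]) can be illustrated on a handful of log lines. The following is an added example written for this page, not the patent's own code or the applicant's implementation; it runs plain Python over in-memory log lines instead of a HADOOP job. The log formats, the seed list of known botnet domains, the behavioural features (periodic "beaconing" queries as the bot trait, and overlap between a suspicious domain's visitor group and subscribers who already resolved a known botnet domain as the user-group trait), the thresholds and the sample log lines are all assumptions constructed for the illustration; the patent does not specify them.

```python
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample DNS log (illustrative). Fields: date time client_ip qname rcode answer_ip
DNS_LOG = """\
2015-03-01 02:00:00 10.0.0.5 c2.known-bot.example NOERROR 203.0.113.9
2015-03-01 02:00:30 10.0.0.5 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 02:05:30 10.0.0.5 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 02:10:30 10.0.0.5 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 02:01:00 10.0.0.7 c2.known-bot.example NOERROR 203.0.113.9
2015-03-01 02:01:10 10.0.0.7 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 02:06:10 10.0.0.7 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 02:11:10 10.0.0.7 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 02:02:00 10.0.0.9 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 02:07:00 10.0.0.9 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 02:12:00 10.0.0.9 upd.suspect.example NOERROR 203.0.113.10
2015-03-01 09:00:00 10.0.0.5 time.sync.example NOERROR 198.51.100.4
2015-03-01 09:10:00 10.0.0.5 time.sync.example NOERROR 198.51.100.4
2015-03-01 09:20:00 10.0.0.5 time.sync.example NOERROR 198.51.100.4
2015-03-01 09:00:00 10.0.0.9 time.sync.example NOERROR 198.51.100.4
2015-03-01 09:10:00 10.0.0.9 time.sync.example NOERROR 198.51.100.4
2015-03-01 09:20:00 10.0.0.9 time.sync.example NOERROR 198.51.100.4
"""
# Constructed RADIUS accounting log: date time Start|Stop user framed_ip
# (alice releases 10.0.0.5 at 05:00; the address is reassigned to carol at 08:00)
RADIUS_LOG = """\
2015-03-01 01:00:00 Start dave 10.0.0.9
2015-03-01 01:30:00 Start alice 10.0.0.5
2015-03-01 01:30:00 Start bob 10.0.0.7
2015-03-01 05:00:00 Stop alice 10.0.0.5
2015-03-01 08:00:00 Start carol 10.0.0.5
"""
KNOWN_BAD = {"c2.known-bot.example"}  # assumed seed list of known botnet domains
MIN_BEACONING_USERS, MAX_CV, MIN_OVERLAP = 2, 0.2, 0.5  # assumed thresholds

def parse_ts(date, time):
    return datetime.strptime(date + " " + time, "%Y-%m-%d %H:%M:%S")

def clean_dns(text):
    """Step 2: keep only the fields the statistics need (time, client IP, qname)."""
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    return [(parse_ts(d, t), ip, q.lower().rstrip(".")) for d, t, ip, q, _rc, _a in rows]

def radius_sessions(text):
    """Accounting Start/Stop records -> (user, ip, start, stop); stop is None if still online."""
    open_by_ip, sessions = {}, []
    for d, t, event, user, ip in (ln.split() for ln in text.splitlines() if ln.strip()):
        if event == "Start":
            open_by_ip[ip] = (user, parse_ts(d, t))
        elif event == "Stop" and ip in open_by_ip:
            user, start = open_by_ip.pop(ip)
            sessions.append((user, ip, start, parse_ts(d, t)))
    return sessions + [(u, ip, s, None) for ip, (u, s) in open_by_ip.items()]

def ip_to_user(sessions, ip, when):
    """Resolve a dynamic IP to the subscriber whose accounting session covered that moment."""
    for user, sip, start, stop in sessions:
        if sip == ip and start <= when and (stop is None or when < stop):
            return user
    return None

def user_domain_queries(dns, sessions):
    """Join DNS to RADIUS: sorted query times per (user, domain); unattributable IPs are dropped."""
    q = defaultdict(list)
    for when, ip, qname in dns:
        user = ip_to_user(sessions, ip, when)
        if user is not None:
            q[(user, qname)].append(when)
    return {k: sorted(v) for k, v in q.items()}

def is_beaconing(times):
    """Assumed bot trait: at least 3 queries at near-constant intervals (low coefficient of variation)."""
    if len(times) < 3:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    return mean > 0 and statistics.pstdev(gaps) / mean <= MAX_CV

def suspicious_domains(queries):
    """Step 3: domains that several distinct subscribers beacon to (seed domains excluded)."""
    beaconers = defaultdict(set)
    for (user, qname), times in queries.items():
        if qname not in KNOWN_BAD and is_beaconing(times):
            beaconers[qname].add(user)
    return {d: u for d, u in beaconers.items() if len(u) >= MIN_BEACONING_USERS}

def confirm_botnet_domains(queries, suspects):
    """Step 4: keep suspects whose visitor group overlaps the known-infected subscriber group."""
    known_infected = {u for (u, d) in queries if d in KNOWN_BAD}
    confirmed, new_bots = {}, set()
    for domain in suspects:
        visitors = {u for (u, d) in queries if d == domain}
        overlap = len(visitors & known_infected) / len(visitors)
        if overlap >= MIN_OVERLAP:
            confirmed[domain] = round(overlap, 2)
            new_bots |= visitors - known_infected  # bots that were on no seed list
    return confirmed, new_bots

def analyze(dns_text=DNS_LOG, radius_text=RADIUS_LOG):
    queries = user_domain_queries(clean_dns(dns_text), radius_sessions(radius_text))
    suspects = suspicious_domains(queries)
    confirmed, new_bots = confirm_botnet_domains(queries, suspects)
    return suspects, confirmed, new_bots

if __name__ == "__main__":
    s, c, n = analyze()
    print("suspicious:", {d: sorted(u) for d, u in s.items()})
    print("confirmed botnet domains:", c, "newly found bots:", sorted(n))
```

The RADIUS join is what makes the user-group step meaningful on ISP data: subscriber addresses are dynamic, so the same IP is held by different users at different times, and a query must be attributed through the accounting session that was open at its timestamp (here 10.0.0.5 is alice at 02:00 but carol at 09:00). On the constructed sample, both upd.suspect.example and time.sync.example look suspicious by the periodicity feature alone; only upd.suspect.example is confirmed, because two thirds of its visitors also resolved the seed domain, and dave, who never touched the seed domain, is surfaced as a previously unknown bot.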

Description

Technical field

[0001] The invention belongs to the field of communications and computers, and in particular relates to a method for analyzing botnet, Trojan horse and worm networks based on DNS logs and RADIUS logs.

Background technique

[0002] At present, botnets and worm networks have become one of the most serious hazards in the field of network security, in China and worldwide.

[0003] A botnet (zombie/worm network) is a network in which a controller exercises one-to-many control over infected hosts, built by infecting a large number of hosts with bot programs through one or more means of propagation. Attackers spread the bot programs in various ways to infect large numbers of Internet hosts; the infected hosts then receive the attackers' instructions through a control channel, forming the botnet.

[0004] Botnets and worm networks differ from the simple security incidents of the past. A botnet is an attack platform capable of great harm. Using ...


Application Information

IPC(8): H04L29/06; H04L12/24
CPC: H04L41/14; H04L63/08; H04L61/4511
Inventors: 杨蓉, 丁文涛
Owner BEIJING RUNSTONE TECH