NetFlow based botnet network detection system and detection method

A botnet detection system and method, applied in the field of NetFlow-based botnet detection, that addresses the problems that accuracy and speed are difficult to ensure and that botnets cannot be detected quickly and accurately.

Active Publication Date: 2015-05-13
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

[0004] Generally speaking, today's botnets are characterized by fast updates and rapid expansion in scale. Some botnets even bypass detection mechanisms by generating a large amount of garbage traffic. Under these circumstances, it is difficult to guarantee accurate and fast

[0005] Existing botnet detection technologies and methods based on network communication monitoring mostly rely on analysis of the IRC and HTTP protocols commonly used in botnet C&C communication, and on the detection of abnormal behaviors such as attacks on botnet infected nodes, and so cannot detect botnets quickly and accurately.


Embodiment Construction

[0068] As shown in Figure 1, the NetFlow-based botnet detection system of an embodiment of the present invention comprises:

[0069] A data collection module, deployed on the key router node of the target network, for collecting the NetFlow data stream of that node;

[0070] A preprocessing module, configured to preprocess the NetFlow data stream collected by the data collection module;

[0071] A node evaluation module, which uses the analytic function $F_{bot}(v_i)$ to obtain the suspected-botnet probability $Pbot_i$ corresponding to data stream $i$;

[0072] A topology discovery module, which analyzes the preprocessed NetFlow data stream, obtains the data-flow vectors, and draws a data-flow communication graph composed of all data-flow vectors;

[0073] A correlation analysis module, which draws and analyzes the data-flow communication graph weighted by the suspected-botnet probability $Pbot_i$, and calculates the probability that the target network is a botnet;

[0...


Abstract

The invention provides a NetFlow-based botnet detection system comprising a data acquisition module, a preprocessing module, a node evaluation module, a topology discovery module and a correlation analysis module. The node evaluation module obtains the suspected-botnet probability $Pbot_i$ corresponding to data stream $i$ through an analytic function $F_{bot}(v_i)$. The correlation analysis module draws and analyzes a data-stream communication graph weighted by $Pbot_i$ and calculates the probability that the target network is a botnet; the target network is judged to be a botnet if this probability is larger than a set threshold. The invention further provides a botnet detection method. The system and method integrate efficient NetFlow traffic analysis, use an analysis algorithm to obtain the threat coefficients of all nodes and the overall network topology, and, combined with the specific topology of the target network, accurately screen for botnets with complicated topology, high mobility, high concealment and high harmfulness.
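The pipeline the abstract describes (preprocess, per-stream score, weighted communication graph, network-level probability against a threshold), as an added sketch that is not code from the patent. The page does not define $F_{bot}$, the aggregation rule or the threshold, so the `f_bot` heuristic, the noisy-OR aggregation, the 0.8 threshold and the flow records are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed NetFlow-style records: (src, dst, dst_port, packets, bytes)
FLOWS = [
    ("10.0.0.11", "203.0.113.5", 6667, 4, 240),
    ("10.0.0.11", "203.0.113.5", 6667, 4, 236),
    ("10.0.0.12", "203.0.113.5", 6667, 4, 244),
    ("10.0.0.12", "203.0.113.5", 6667, 4, 240),
    ("10.0.0.13", "203.0.113.5", 6667, 4, 238),
    ("10.0.0.13", "203.0.113.5", 6667, 4, 242),
    ("10.0.0.11", "198.51.100.7", 443, 900, 1200000),
    ("10.0.0.14", "198.51.100.7", 443, 350, 410000),
    ("10.0.0.14", "198.51.100.9", 80, 0, 0),  # empty record, dropped below
]

def preprocess(flows):
    """Drop empty records; group bytes-per-packet per (src, dst, port) stream."""
    streams = defaultdict(list)
    for src, dst, port, pkts, nbytes in flows:
        if pkts > 0 and nbytes > 0:
            streams[(src, dst, port)].append(nbytes / pkts)
    return streams

def f_bot(bpp):
    """Stand-in for F_bot(v_i) (assumed): repeated, small, uniform flows score high."""
    mean = sum(bpp) / len(bpp)
    repeat = 1 - 1 / len(bpp)                        # 0 for a one-off flow
    small = 1 / (1 + math.exp((mean - 200) / 50))    # favours tiny packets
    uniform = 1 - min((max(bpp) - min(bpp)) / mean, 1.0)
    return repeat * small * uniform

def network_probability(graph):
    """Assumed aggregation: noisy-OR of Pbot_i on edges into one node, max over nodes."""
    miss = defaultdict(lambda: 1.0)
    for (_src, dst, _port), p in graph.items():
        miss[dst] *= 1 - p
    return max((1 - m for m in miss.values()), default=0.0)

def detect(flows, threshold=0.8):
    """Return (weighted graph, network probability, verdict)."""
    graph = {edge: f_bot(v) for edge, v in preprocess(flows).items()}
    p = network_probability(graph)
    return graph, p, p > threshold
```

No single stream scores above 0.5 here; the verdict comes from three hosts converging on one destination, which is the role the weighted graph plays in the described design.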

Description

Technical field

[0001] The invention relates to a botnet detection method in the field of computer network security, in particular to a NetFlow-based comprehensive botnet detection system and detection method.

Background technique

[0002] Computer networks are the most important information infrastructure in today's society. With their rapid development, the problem of network security has gradually attracted widespread attention. A botnet refers to a network that attackers (BotOwners) organize by creating and spreading bot programs to control a large number of nodes (commonly known as zombie machines or bots) through command and control (C&C) channels. Botnets are often used to launch Distributed Denial-of-Service (DDoS) attacks, send spam, spread or host malicious code and phishing websites, or carry out attacks such as stealing identity information and business secrets.

[0003] In recent years, botnets have posed a great threat to com...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1458, H04L63/1483
Inventor: 邹福泰, 徐凯翼, 王佳慧, 任思君, 李建华
Owner: SHANGHAI JIAO TONG UNIV