P2P botnet detection device and method based on flow analysis

A botnet traffic-analysis technology, applied to P2P botnet detection devices, that addresses the problems of lack of scalability and low detection efficiency, achieving good scalability, the ability to detect large networks, a high data-processing rate, and increased speed and flexibility.

Inactive Publication Date: 2015-06-03
XIDIAN UNIV
Cites: 5. Cited by: 22.

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to overcome the low detection efficiency and lack of scalability of the above-mentioned prior art, and to propose a P2P botnet detection device and method based on traffic analysis.


Embodiment Construction

[0052] The present invention will be further described below in conjunction with the accompanying drawings.

[0053] Referring to attached Figure 1, the device of the present invention includes five modules: a data acquisition module, a data preprocessing module, a node ranking module, a clustering module and a detection module, and the modules are connected through a bus. Specifically:

[0054] The data acquisition module uses multi-process programming to collect the network traffic data output by the core routers in the suspicious network, with each process corresponding to one core router in the suspicious network, and transmits the network traffic data to the data preprocessing module;

[0055] The data preprocessing module uses multi-process programming to aggregate and filter the network flow data collected by the data acquisition module, generates a communication adjacency matrix, and transmits the communication adjacency matrix to the node ranki...


Abstract

The invention discloses a P2P botnet detection device and method based on flow analysis and mainly solves the problems of low detection rate and no expandability in the prior art. The P2P botnet detection device comprises a data acquisition module, a data preprocessing module, a node ranking module, a clustering module and a detection module. The method comprises the following steps: (1) acquiring network traffic data; (2) clustering and filtering the network traffic data; (3) calculating a clustering hub value vector; (4) calculating a clustering authority value vector; (5) clustering the clustering hub value vector and the clustering authority value vector; (6) judging detection results. According to the P2P botnet detection device and method, the data preprocessing module is added behind the data acquisition module, the network traffic data is analyzed through calculating the hub value vector and the authority value vector, and the defects of low detection efficiency and no expandability in the prior art are overcome.
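Steps (1) to (4) of the abstract, sketched as an added example that is not the patent's own code: flow records are aggregated and filtered into a communication adjacency matrix, then hub and authority vectors are computed. It assumes the "hub value" and "authority value" are the standard HITS scores (the page truncates the node ranking description); the flow tuples, the `min_packets` threshold and all function names are constructed for illustration, and the clustering and judgement steps are omitted because the page gives no criteria for them.

```python
import math
from collections import defaultdict

# Constructed sample flows (src, dst, packets); not real traffic.
PEERS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]
FLOWS = [(a, b, 5) for a in PEERS for b in PEERS if a != b]   # P2P-style mesh
FLOWS += [("10.0.1.10", "10.0.2.80", 40),                     # client -> server
          ("10.0.1.11", "10.0.2.80", 30),
          ("10.0.1.12", "10.0.0.1", 1)]                       # one stray packet

def build_adjacency(flows, min_packets=2):
    """Aggregate packets per (src, dst) pair, drop pairs below the threshold,
    and return (nodes, 0/1 adjacency matrix) for the remaining pairs."""
    totals = defaultdict(int)
    for src, dst, pkts in flows:
        totals[(src, dst)] += pkts
    kept = [pair for pair, n in totals.items() if n >= min_packets]
    nodes = sorted({ip for pair in kept for ip in pair})
    index = {ip: i for i, ip in enumerate(nodes)}
    adj = [[0] * len(nodes) for _ in nodes]
    for src, dst in kept:
        adj[index[src]][index[dst]] = 1
    return nodes, adj

def _normalise(vec):
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]

def hits(adj, iterations=50):
    """Power iteration for HITS: authority = A^T * hub, hub = A * authority."""
    n = len(adj)
    hub = [1.0] * n
    auth = [1.0] * n
    for _ in range(iterations):
        auth = _normalise([sum(adj[i][j] * hub[i] for i in range(n))
                           for j in range(n)])
        hub = _normalise([sum(adj[i][j] * auth[j] for j in range(n))
                          for i in range(n)])
    return hub, auth

def score_hosts(flows, min_packets=2):
    """Map each host that survives filtering to its (hub, authority) pair."""
    nodes, adj = build_adjacency(flows, min_packets)
    hub, auth = hits(adj)
    return {ip: (hub[i], auth[i]) for i, ip in enumerate(nodes)}

if __name__ == "__main__":
    for ip, (h, a) in score_hosts(FLOWS).items():
        print(f"{ip:12s} hub={h:.4f} authority={a:.4f}")
```

On this constructed input the four mutually connected peers end up with equal, non-zero hub and authority scores, while the client-server hosts converge towards zero, which is the kind of separation a later clustering step can work with.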

Description

Technical field

[0001] The invention belongs to the technical field of communication, and further relates to a P2P botnet detection device based on traffic analysis in the technical field of communication network security, and to a scalable detection method established using the device. The invention can be used to detect P2P zombie hosts existing in a large network, so that other communication network security technologies can control these hosts.

Background

[0002] Botnet detection technology is used to discover zombie hosts in the network, so that other communication network security technologies can be used to prevent botnets from invading hosts in the network. Typical botnet detection methods currently include:

[0003] Shishir Nagaraja, Prateek Mittal, Chi-Yao Hong, Matthew Caesar and Nikita Borisov proposed the BotGrep detection method. The method is executed in two steps: first, a communication graph is generated from network traffic, where nodes repres...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 马文平, 谢舜
Owner: XIDIAN UNIV