
Botnet detection method and controller

A botnet detection method, applied in the field of computer network security, that can solve the problems of low botnet detection efficiency and large processing load.

Active Publication Date: 2015-11-25
HUAWEI TECH CO LTD +1

AI Technical Summary

Problems solved by technology

[0005] To address the problems in the prior art, the embodiments of the present invention provide a botnet detection method and a controller that overcome the large processing load and the low botnet detection efficiency caused by cluster analysis based on traffic mirroring and data packet characteristics in the prior art.



Embodiment Construction

[0107] Figure 1-2 is a flow chart of the botnet detection method provided in Embodiment 1 of the present invention. As shown in Figure 1-2, the method provided in this embodiment is suitable for detecting a botnet in a network that adopts a software-defined network (Software Defined Network, hereinafter referred to as SDN) architecture. SDN separates the control function of the network switch or router in the traditional network architecture from the device and hands it over to the controller (Controller) in the SDN. The original network switch or router is then responsible only for data forwarding. In this way, the control plane and the data plane are separated. In SDN, the OpenFlow protocol is used for communication between the controller and the switch, so a switch in an SDN network is called an OpenFlow switch. In the SDN network, the controller centrally controls and manages the transmission o...



Abstract

The embodiment of the invention provides a botnet detection method and a controller. The method comprises the following steps: statistical information for each flow forwarding rule, reported by an OpenFlow switch in an SDN, is received, wherein the statistical information comprises a first match count of a sub-flow forwarding rule and a second match count of a parent flow forwarding rule; according to the first match count and the second match count, the set of access probabilities with which any user terminal accesses each server is determined; according to the access probability sets, the similarity between the user terminals accessing any two servers is calculated pairwise, and an access similarity matrix is obtained; and a spectral clustering algorithm is applied to the access similarity matrix, and whether a botnet exists is determined according to the clustering result. Because the source IP address in the parent flow forwarding rule is a subnet address, the processing load of the controller can be greatly reduced, and because the botnet is determined based on access similarity, botnet detection efficiency can be improved.
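The steps in the abstract, carried through on constructed counters, as an added example that is not taken from the patent. The abstract names the steps but not the formulas, so the probability (sub/child count divided by mother/parent count), the cosine similarity, and the two-way split on the second eigenvector are all assumptions.

```python
import math

# Constructed counters (not from the patent). Assumption: the parent rule counts
# every match from the source subnet to a server, and each child (sub-flow) rule
# counts one terminal, so child / parent is that terminal's access probability.
PARENT = {"s1": 100, "s2": 80, "s3": 120, "s4": 90, "s5": 60}
CHILD = {
    "s1": {"h1": 30, "h2": 30, "h3": 30, "h4": 10},
    "s2": {"h1": 25, "h2": 25, "h3": 25, "h5": 5},
    "s3": {"h1": 10, "h4": 60, "h5": 40, "h6": 10},
    "s4": {"h4": 30, "h5": 30, "h6": 30},
    "s5": {"h5": 20, "h6": 40},
}

def access_probabilities(parent, child):
    """Per server: {terminal: child match count / parent match count}."""
    return {s: {h: n / parent[s] for h, n in hosts.items()}
            for s, hosts in child.items()}

def cosine(a, b):
    # Assumed similarity measure between two servers' probability sets.
    dot = sum(p * b.get(h, 0.0) for h, p in a.items())
    mag = math.hypot(*a.values()) * math.hypot(*b.values())
    return dot / mag if mag else 0.0

def similarity_matrix(probs):
    servers = sorted(probs)
    return servers, [[0.0 if a == b else cosine(probs[a], probs[b])
                      for b in servers] for a in servers]

def spectral_bipartition(servers, w, iters=300):
    """Split servers by the sign of the 2nd eigenvector of D^-1/2 W D^-1/2."""
    n = len(servers)
    root = [math.sqrt(sum(row)) for row in w]  # assumes no isolated server
    u1 = [r / math.hypot(*root) for r in root]  # known top eigenvector
    v = [float(i + 1) for i in range(n)]
    for _ in range(iters):
        # Power iteration on (M + I); the shift keeps the wanted eigenvalue dominant.
        v = [v[i] + sum(w[i][j] * v[j] / (root[i] * root[j]) for j in range(n))
             for i in range(n)]
        proj = sum(a * b for a, b in zip(v, u1))
        v = [a - proj * b for a, b in zip(v, u1)]  # deflate the trivial eigenvector
        size = math.hypot(*v)
        v = [a / size for a in v]
    groups = ([], [])
    for s, x in zip(servers, v):
        groups[x > 0].append(s)
    return sorted(groups)
```

On this data the split separates s1 and s2, which the same three terminals access in near-equal shares, from the other servers. How a cluster is then judged to be a botnet is not stated in the abstract.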

Description

Technical field

[0001] The invention belongs to the technical field of computer network security, and in particular relates to a botnet detection method and a controller.

Background technique

[0002] A botnet (Botnet) refers to a one-to-many control network formed between an attacker and infected hosts, created by infecting a large number of hosts with bot programs through one or more propagation methods. An infected host is a zombie host, and the attacker can control the zombie hosts one-to-many through the command and control (Command and Control, hereinafter referred to as C&C) channel. The botnet constitutes an attack platform that can be used to launch various network attacks, resulting in the paralysis of certain application systems and the disclosure of personal privacy. For example, botnets are used to send spam, steal secrets, and carry out other network attacks.

[0003] The current botnet detection methods mostly discover botnets by clustering network data flows. This kind o...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L29/06
Inventor: 陶敬, 李剑锋, 蔡启申
Owner: HUAWEI TECH CO LTD