
P2P bot sensing based adaptive network flow sampling method

An adaptive, node-aware network flow sampling technology, applied in the fields of data exchange networks, digital transmission systems, electrical components, etc. It addresses problems such as packet discarding and the resulting impact on P2P botnet detection accuracy, and achieves fast adjustment speed, strong sensing capability, and improved detection efficiency.

Active Publication Date: 2016-02-24
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

[0004] However, none of the above sampling methods is designed specifically for P2P botnet detection, so in a P2P botnet detection system based on network traffic, whenever the traffic sampled by these methods is used, the detection accuracy for P2P botnets is inevitably affected. A large number of packets related to P2P botnets may be discarded, while most of the sampled packets may be unrelated to P2P botnets.


Examples


Embodiment Construction

[0026] The invention discloses an adaptive network flow sampling method based on sensing P2P bots (zombie nodes), aiming to provide an accurate data source for a P2P botnet detection system based on network flows. As shown in the workflow diagram of Figure 1, the method comprises the following steps:

[0027] Step 1: Collect key attributes of packets

[0028] At the egress of the high-speed network, collect and count all TCP and UDP packets sent by internal IP addresses. The packet statistics table contains 8 items: {Pro, IP_in, IP_ex, Port_in, Port_ex, Pkt, Byte, SYN}. The first five items are the transport layer protocol type, internal IP address, external IP address, internal port number, and external port number. Packets with the same five items are counted in the same entry. The latter three items are the number of packets, the sum of packet sizes, and the number of TCP packets whose SYN flag is 1. The time window for statistics is 5 minutes. When the time w...
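The Step 1 statistics table, as an added example that is not code from the patent: packets sent by internal hosts are grouped by the five key items and the Pkt, Byte and SYN counters are accumulated per 5-minute window. The internal address range, the packet tuple layout and the sample packets are assumptions constructed for illustration; what the method does when a window closes is not modelled, since the text is cut off at that point.

```python
import ipaddress
from collections import defaultdict

WINDOW_SECONDS = 5 * 60                              # statistics window from [0028]
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # assumption: monitored internal range
TCP, UDP = 6, 17                                     # IP protocol numbers
SYN_FLAG = 0x02                                      # TCP SYN bit

def build_stat_tables(packets):
    """Return {window_index: {(Pro, IP_in, IP_ex, Port_in, Port_ex):
    {"Pkt", "Byte", "SYN"}}} for packets seen at the network egress."""
    tables = defaultdict(dict)
    for ts, proto, src, dst, sport, dport, size, flags in packets:
        if proto not in (TCP, UDP):
            continue                                 # only TCP and UDP are counted
        if ipaddress.ip_address(src) not in INTERNAL_NET:
            continue                                 # only packets sent by an internal IP
        window = int(ts // WINDOW_SECONDS)
        key = (proto, src, dst, sport, dport)        # same five items -> same entry
        entry = tables[window].setdefault(key, {"Pkt": 0, "Byte": 0, "SYN": 0})
        entry["Pkt"] += 1
        entry["Byte"] += size
        if proto == TCP and flags & SYN_FLAG:
            entry["SYN"] += 1                        # TCP packets whose SYN flag is 1
    return dict(tables)

# Constructed sample packets:
# (timestamp s, proto, src IP, dst IP, src port, dst port, bytes, TCP flags)
SAMPLE_PACKETS = [
    (0.5,   TCP, "10.1.2.3", "198.51.100.7", 40000, 443, 60, 0x02),    # SYN
    (0.9,   TCP, "10.1.2.3", "198.51.100.7", 40000, 443, 52, 0x10),    # ACK
    (12.0,  UDP, "10.1.2.3", "203.0.113.9", 6881, 6881, 120, 0),
    (15.0,  UDP, "10.1.2.3", "203.0.113.9", 6881, 6881, 98, 0),
    (20.0,  TCP, "198.51.100.7", "10.1.2.3", 443, 40000, 1500, 0x12),  # inbound: skipped
    (30.0,  1,   "10.1.2.3", "203.0.113.9", 0, 0, 84, 0),              # ICMP: skipped
    (301.0, TCP, "10.1.2.3", "198.51.100.7", 40001, 443, 60, 0x02),    # next window
]

if __name__ == "__main__":
    for window, table in sorted(build_stat_tables(SAMPLE_PACKETS).items()):
        for key, counters in table.items():
            print(window, key, counters)
```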


Abstract

The invention discloses an adaptive network flow sampling method based on P2P bot sensing, and belongs to the field of network data processing. The method comprises the steps of first extracting the IP addresses of potential P2P bots in a high-speed network at relatively low cost, based on the essential features of a P2P botnet; then allocating a target sampling rate based on an instant sampling rate allocation algorithm and calculating an instant sampling rate for each IP address; and finally sampling packets using the calculated instant sampling rates and inputting the sampled network flows to a P2P botnet detection system for further fine-grained detection. The method adjusts adaptively at high speed, has a strong capability of sensing P2P bots, can greatly increase the sampling rate of P2P bot flows while keeping the target sampling rate unchanged, and can be seamlessly integrated with an existing network-flow-based P2P botnet detection system.

Description

Technical field

[0001] The invention relates to the field of network data processing, in particular to an adaptive network flow sampling method based on sensing P2P bots (zombie nodes).

Background technique

[0002] P2P botnets have become one of the biggest security threats facing the Internet today. Compared with traditional centralized botnets based on IRC or HTTP, P2P botnets are more stealthy and harder to detect. A P2P botnet is a P2P network composed of infected hosts (bots), which are remotely controlled by an attacker (botmaster) through a command and control (C&C) channel. Attackers can use this platform to launch Distributed Denial-of-Service (DDoS) attacks, send spam, steal private information, etc.

[0003] Current P2P botnet detection systems mostly detect bot nodes by monitoring network traffic. However, with the rapid development of network link bandwidth and Internet business traffic, the computing and storage overhead required...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L29/08
CPC: H04L43/08, H04L43/10, H04L67/104
Inventor: 杨岳湘, 何杰, 曾迎之, 唐川, 王晓磊, 施江勇, 李城烨
Owner: NAT UNIV OF DEFENSE TECH