Botnet distributed real-time detection method and system

A distributed real-time botnet detection technology, applied in the field of botnet distributed real-time detection methods and systems, addresses problems such as the difficulty of applying existing methods in 10 Gigabit enterprise environments and in ISP customer environments, and their high time cost, with the effect of improving overall detection performance.

Active Publication Date: 2016-06-15
CHINA INFORMATION TECH SECURITY EVALUATION CENT +2

AI Technical Summary

Problems solved by technology

This type of method has a large time cost in the feature extraction stage and is only applicable to Gigabit enterprise network environments; it is difficult to apply to 10 Gigabit enterprise environments (serious packet loss), and even more difficult to apply to ISP customer environments.


Embodiment Construction

[0066] To facilitate the understanding of those skilled in the art, the present invention is further described below in conjunction with the accompanying drawings, which are not to be taken as limiting the protection scope of the present invention.

[0067] The present invention adopts two ways to improve detection performance. The first is to use higher-level Netflow information: according to network traffic conditions, either standard Netflow data or custom Netflow data can be used. Extracting custom Netflow data requires no deep packet analysis and is not sensitive to channel encryption. The second is to introduce the SparkStream distributed stream processing engine in the training and analysis phases, so that the system can be expanded horizontally according to the amount of Netflow data, that is, processing performance is improved by adding machines.

[0068] Specifically, the present invention proposes a distributed real-time detection method for botnets...


Abstract

The invention discloses a botnet distributed real-time detection method and system. The botnet distributed real-time detection method comprises the steps of: generating network flow metadata (Netflow information) and sending it to a data detection component by a data generation component; extracting multiple training detection characteristics from marked training data and establishing a detection model serving as the detection standard of a real-time detection unit, by a detection model training unit of the data detection component; and, by the real-time detection unit of the data detection component, receiving the Netflow information sent in real time, extracting multiple detection characteristics and comparing them with the detection model, obtaining alarm information including a detection object identifier when the comparison result is a match, and comparing the alarm information with a host blacklist and whitelist to obtain confirmed controlled bot hosts and doubtful controlled bot hosts. The scheme of the botnet distributed real-time detection method and system can be applied not only to an enterprise network with gigabit flow but also to an ISP network, and the overall detection performance of the botnet detection is improved.
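The following is an added illustration of the pipeline the abstract and paragraph [0067] describe (flow metadata in, a model trained from labelled hosts, real-time comparison, then blacklist/whitelist triage); it is not the patent's own code. Everything in it is constructed for the example: the minimal Netflow-style record shape `(timestamp, src_host, dst_ip, dst_port, bytes)`, the four per-host features, the nearest-centroid "detection model", the sample hosts, and the host lists. It also takes one reading of the whitelist step, namely that an alarm on a whitelisted host is suppressed rather than reported.

```python
"""Netflow-style botnet detection pipeline: per-host feature extraction,
a detection model trained from labelled hosts, comparison of live flows
against the model, and triage of alarms against a host blacklist and
whitelist. Added illustration; all records, hosts and the model are
constructed for this example, not taken from the patent."""
from collections import defaultdict
from math import sqrt
from statistics import mean, pstdev

FEATURES = ("distinct_dsts", "mean_bytes", "small_flow_fraction", "interval_regularity")
SMALL_FLOW_BYTES = 512  # constructed threshold for a "small" flow


def beacon_flows(host, dst, port, period, count, size):
    """Constructed flows for a host contacting one destination at a fixed period."""
    return [(i * period, host, dst, port, size) for i in range(count)]


def browsing_flows(host, count=12):
    """Constructed browsing traffic: many destinations, irregular gaps, varied sizes."""
    gaps = [3, 17, 2, 41, 9, 5, 28]
    sizes = [1500, 420, 9800, 120, 3300, 760]
    flows, t = [], 0
    for i in range(count):
        t += gaps[i % len(gaps)]
        flows.append((t, host, f"192.0.2.{i + 1}", 443, sizes[i % len(sizes)]))
    return flows


def extract_features(flows):
    """Group records (ts, src, dst, dport, bytes) by source host and compute the
    feature vector each host is compared on. No packet payload is needed."""
    by_host = defaultdict(list)
    for flow in flows:
        by_host[flow[1]].append(flow)
    result = {}
    for host, recs in by_host.items():
        recs.sort()  # oldest first
        sizes = [r[4] for r in recs]
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        # 1.0 for a perfectly periodic beacon, near 0 for bursty browsing;
        # a host with fewer than two flows has no gaps and gets 0.
        regularity = max(0.0, 1.0 - pstdev(gaps) / mean(gaps)) if gaps and mean(gaps) > 0 else 0.0
        result[host] = {
            "distinct_dsts": len({r[2] for r in recs}),
            "mean_bytes": mean(sizes),
            "small_flow_fraction": sum(s < SMALL_FLOW_BYTES for s in sizes) / len(sizes),
            "interval_regularity": regularity,
        }
    return result


def zscore(vec, stats):
    return [(vec[f] - stats[f][0]) / stats[f][1] for f in FEATURES]


def train_model(training_flows, labels):
    """Detection standard: z-score parameters per feature plus one centroid per
    class ("bot" / "benign"), built from labelled training hosts."""
    feats = extract_features(training_flows)
    stats = {f: (mean(col), pstdev(col) or 1.0)  # 'or 1.0' avoids division by zero
             for f in FEATURES for col in [[feats[h][f] for h in feats]]}
    centroids = {}
    for label in set(labels.values()):
        members = [zscore(feats[h], stats) for h in feats if labels[h] == label]
        centroids[label] = [mean(dim) for dim in zip(*members)]
    return {"stats": stats, "centroids": centroids}


def detect(live_flows, model):
    """Real-time stage: an alarm (host identifier + score) for every host whose
    feature vector lies closer to the bot centroid than to the benign one."""
    alarms = []
    for host, vec in extract_features(live_flows).items():
        z = zscore(vec, model["stats"])
        dist = {label: sqrt(sum((a - b) ** 2 for a, b in zip(z, c)))
                for label, c in model["centroids"].items()}
        if dist["bot"] < dist["benign"]:
            alarms.append({"host": host, "score": round(dist["benign"] - dist["bot"], 3)})
    return alarms


def triage(alarms, blacklist, whitelist):
    """Blacklisted hosts (already known compromised) become confirmed bots;
    whitelisted hosts (known legitimate beaconers) are suppressed; the rest
    stay doubtful for analyst follow-up. The suppression is this example's reading."""
    out = {"confirmed": [], "doubtful": [], "suppressed": []}
    for alarm in alarms:
        host = alarm["host"]
        bucket = "confirmed" if host in blacklist else "suppressed" if host in whitelist else "doubtful"
        out[bucket].append(host)
    return out


# Constructed training set: two beaconing bots, two browsing hosts.
TRAINING_FLOWS = (beacon_flows("10.0.0.5", "203.0.113.10", 443, 60, 10, 300)
                  + beacon_flows("10.0.0.6", "198.51.100.7", 8080, 30, 12, 180)
                  + browsing_flows("10.0.0.20") + browsing_flows("10.0.0.21", count=14))
TRAINING_LABELS = {"10.0.0.5": "bot", "10.0.0.6": "bot", "10.0.0.20": "benign", "10.0.0.21": "benign"}

# Constructed live window: a known-infected host, an unknown beaconer, a
# whitelisted metrics agent, a browsing host, and a host with a single flow.
LIVE_FLOWS = (beacon_flows("10.0.0.30", "203.0.113.10", 443, 60, 10, 300)
              + beacon_flows("10.0.0.31", "198.51.100.9", 4444, 45, 8, 240)
              + beacon_flows("10.0.0.40", "10.0.0.1", 9100, 15, 12, 200)
              + browsing_flows("10.0.0.50")
              + [(100, "10.0.0.51", "192.0.2.99", 443, 800)])
BLACKLIST = {"10.0.0.30"}
WHITELIST = {"10.0.0.40"}


def run_pipeline():
    model = train_model(TRAINING_FLOWS, TRAINING_LABELS)
    return triage(detect(LIVE_FLOWS, model), BLACKLIST, WHITELIST)


if __name__ == "__main__":
    print(run_pipeline())
```

Because every feature is computed from flow metadata only, the same extraction runs unchanged whether the channel is encrypted or not, which is the point paragraph [0067] makes about custom Netflow data. The per-host grouping is also the natural partition key if this stage were sharded across a stream-processing cluster: each worker needs only the flows of the hosts it owns, so capacity grows by adding workers.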

Description

Technical field

[0001] The invention relates to the communication field, in particular to a distributed real-time detection method and system for a botnet.

Background technique

[0002] At present, global Internet security threats are in a stage of profound change, and the attacker's purpose has shifted from targeting the network architecture itself, so that it cannot be used normally, to targeting ordinary users and related organizations. This new type of attack directly affects the daily lives of Internet users around the world, threatening the security of enterprise users and government networks. For example, computer users are suffering from spyware spying on their sensitive information, spam flooding their email accounts, phishing websites stealing authentication data, etc. At the heart of these attacks are large numbers of controlled computers, which may be located in homes, schools, businesses or governments around the world. Attackers use these controlled host...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 胡卫华班晓芳曲武张利孟祥杰刘锡峰梁杰
Owner CHINA INFORMATION TECH SECURITY EVALUATION CENT