Botnet attribute identification method, defense method and device

A botnet attribute identification technology, applied in the field of botnet attribute identification methods, defense methods and devices, which addresses problems such as network paralysis, resource abuse and hazards to personal and national security, and achieves rapid removal of bot programs and an improved defense effect.

Active Publication Date: 2019-11-12
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT

AI Technical Summary

Problems solved by technology

As an attack technology developed from traditional malware technology, botnets are based on remote control Trojan horses and are used by hackers to launch large-scale network attacks, such as distributed denial of service attacks (Distributed Denial of Service, DDOS) and mass spam, causing network paralysis or resource abuse; at the same time, all kinds of information on the infected host can be stolen, such as confidential information, personal privacy and bank card account numbers, causing great harm to personal and national security.


Examples


Embodiment 1

[0043] An embodiment of the present invention provides a method for identifying attributes of a botnet, including:

[0044] Identify botnet communication data traffic and normal network communication data traffic in network traffic;

[0045] Extract basic communication attributes from the identified botnet communication data traffic, and identify the botnet structure and the botnet command attribute from the extracted basic communication attributes; the botnet structure includes a master control terminal and a number of controlled terminals;

[0046] Identify the environment attributes of each node in the botnet structure from the normal network communication data traffic.

[0047] The embodiment of the present invention can effectively identify the attributes of a botnet. The embodiments of the present invention are described in detail below in conjunction with the accompanying drawings.

[0048] As shown in Figure 1, the method of this embodiment of the present invention includes:

[004...
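The three identification steps of Embodiment 1 run over constructed flow records, as an added example that is not part of the patent; the bot/normal flow labels (taken here as already produced by an upstream traffic classifier), the `cmd=` command syntax of the sample bot and the User-Agent-based OS guess are all assumptions.

```python
from collections import Counter
import re
# Constructed sample flows: (src, dst, dport, label, payload or User-Agent).
# The "bot"/"normal" label is assumed to come from an upstream classifier.
FLOWS = [
    ("10.0.0.5", "198.51.100.7", 8080, "bot", "cmd=ping"),
    ("10.0.0.6", "198.51.100.7", 8080, "bot", "cmd=ping"),
    ("10.0.0.7", "198.51.100.7", 8080, "bot", "cmd=ping"),
    ("198.51.100.7", "10.0.0.5", 8080, "bot", "cmd=update"),
    ("198.51.100.7", "10.0.0.6", 8080, "bot", "cmd=uninstall"),
    ("10.0.0.5", "93.184.216.34", 80, "normal", "Mozilla/5.0 (Windows NT 10.0)"),
    ("10.0.0.6", "93.184.216.34", 80, "normal", "Mozilla/5.0 (X11; Linux x86_64)"),
    ("10.0.0.7", "93.184.216.34", 443, "normal", "Mozilla/5.0 (Windows NT 6.1)"),
]
CMD_RE = re.compile(r"cmd=(\w+)")  # assumed command syntax of the sample bot

def identify_structure(bot_flows):
    """Structure from the basic attribute 'connection in-degree': the master
    control terminal is the peer most bots connect to; its peers are bots."""
    in_degree = Counter(dst for _, dst, *_ in bot_flows)
    master = in_degree.most_common(1)[0][0]
    peers = {s for s, d, *_ in bot_flows if d == master}
    peers |= {d for s, d, *_ in bot_flows if s == master}
    return master, sorted(peers)

def identify_commands(bot_flows, master):
    """Command attributes: command tokens in payloads sent by the master."""
    return sorted({c for s, *_, p in bot_flows if s == master
                   for c in CMD_RE.findall(p)})

def identify_environment(normal_flows, nodes):
    """Node environment from normal traffic only: OS family from the HTTP
    User-Agent plus the destination ports the node uses."""
    env = {n: {"os": "unknown", "ports": set()} for n in nodes}
    for src, _, dport, _, ua in normal_flows:
        if src in env:
            env[src]["ports"].add(dport)
            env[src]["os"] = ("windows" if "Windows" in ua
                              else "linux" if "Linux" in ua else env[src]["os"])
    return env

def identify_botnet(flows=FLOWS):
    """Run the three steps of Embodiment 1 and return the attribute set."""
    bot = [f for f in flows if f[3] == "bot"]        # step 1: split the traffic
    normal = [f for f in flows if f[3] == "normal"]
    master, controlled = identify_structure(bot)     # step 2: structure + commands
    return {"master": master, "controlled": controlled,
            "commands": identify_commands(bot, master),
            "environment": identify_environment(normal, controlled)}  # step 3
```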

Embodiment 2

[0064] An embodiment of the present invention provides a botnet defense method, including:

[0065] Identification step: identify the botnet structure, the botnet command attribute and the environment attribute of each node using the identification method described in Embodiment 1;

[0066] Defense step: hijack the communication sessions in the botnet structure by a man-in-the-middle method, and clear the bot programs in the botnet structure based on the botnet command attribute.

[0067] The embodiment of the present invention obtains more comprehensive botnet attributes from the communication attributes and the full network traffic, realizes the remote and large-scale rapid removal of botnets through the botnet's own functions and the man-in-the-middle method, and solves the problem that, with general network defense means, zombie hosts continue to be harmed after the network environment changes, thereby improving the defense effect against botnets.

[0068] Embodiments of the present invention will be described in detail below....

Embodiment 3

[0078] As shown in Figure 2, the embodiment of the present invention provides a botnet attribute identification device, which is the device embodiment corresponding to Embodiment 1, including:

[0079] A network traffic classification module, configured to obtain full network traffic, and identify botnet communication data traffic and normal network communication data traffic in the network traffic;

[0080] A botnet attribute identification module, configured to identify the type, structure and commands of the botnet according to the botnet traffic, and to identify the node environment according to the normal network traffic;

[0081] Specifically, it is used to extract basic communication attributes from the identified botnet communication data flow, and identify the botnet structure and botnet command attributes from the extracted basic communication attributes; the botnet structure includes a master control terminal and several controlled end; and identify the environmental at...


Abstract

The invention provides a botnet attribute identification method, a defense method and a device for identifying the attributes of a botnet and remotely eliminating the bot programs in the botnet. The identification method comprises the following steps: identifying botnet communication data flow and normal network communication data flow in the network flow; extracting basic communication attributes from the identified botnet communication data flow, and identifying the botnet structure and the botnet command attribute from the extracted basic communication attributes, wherein the botnet structure comprises a master control terminal and a plurality of controlled terminals; identifying the environment attribute of each node in the botnet structure from the normal network communication flow; and eliminating the bot programs remotely by using the botnet's own commands according to the identified botnet attributes.

Description

Technical field

[0001] The invention relates to the field of network technology, in particular to a method for identifying attributes of a botnet, a defense method and a device.

Background technique

[0002] A botnet refers to a one-to-many control network formed between a controller and a large number of hosts that have been infected with bot programs through one or more means of propagation (the infected hosts are called zombies or bots). As an attack technology developed from traditional malware technology, botnets are based on remote control Trojan horses and are used by hackers to launch large-scale network attacks, such as distributed denial of service attacks (Distributed Denial of Service, DDOS) and mass spam, causing network paralysis or resource abuse; at the same time, all kinds of information on the infected host can be stolen, such as confidential information, personal privacy and bank card account numbers, causing great harm to personal an...

Claims


Application Information

  • Patent Type & Authority: Patents (China)
  • IPC(8): H04L29/06
  • CPC: H04L63/1416, H04L63/1466, H04L2463/144
  • Inventor: 孙波司成祥李应博鲁骁杜雄杰房婧刘成李轶夫姚珊张伟姜栋张建松盖伟麟
  • Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT