Method and system for detecting zombie, trojan and worm networks

A botnet detection technique, applied in the field of Internet security, that addresses problems such as botnet threats and achieves the effects of extensive tracking, traffic reduction, and accurate topology.

Inactive Publication Date: 2017-06-13
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

Therefore, whether for the safe operation of the network or for the protection of user data security, zombie and worm networks are an extremely threatening hidden danger.


Embodiment Construction

[0022] The present invention will be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments of the invention are illustrated.

[0023] Figure 1 is a flowchart showing a method for detecting zombies and worms according to an embodiment of the present invention. As shown in Figure 1, the method mainly includes:

[0024] Step 100, the packet detection device obtains the control terminal information in the zombie worm sample packets in the designated area of the network.

[0025] Step 102, sending the control terminal information in the zombie worm sample message to the flow detection device.

[0026] Step 104, the flow detection device samples the traffic in the network according to the control terminal information in the zombie worm sample message, so as to obtain the corresponding address information of the zombie worm controlled terminal.

[0027] Step 106, the flow detection device sends the acquired address infor...


Abstract

The invention discloses a method and system for detecting zombie, trojan and worm networks, and relates to the field of Internet security. The method comprises the following steps: message detection equipment obtains control terminal information in a zombie, trojan and worm sample message in a designated area of the network; the control terminal information in the zombie, trojan and worm sample message is sent to flow detection equipment; the flow detection equipment samples flow in the network according to the control terminal information in the zombie, trojan and worm sample message, so that the corresponding zombie, trojan and worm controlled terminal address information is obtained; and the flow detection equipment sends the obtained zombie, trojan and worm controlled terminal address information to a zombie, trojan and worm detection platform, so that the platform constructs a zombie, trojan and worm network topological structure. With the disclosed method and system, on the basis of two types of distributed measurement nodes, deep packet inspection and deep flow detection, zombie, trojan and worm networks can be tracked more widely; the flow is reduced by adopting a message sampling method; and thus measurement of the network flow of a high-speed link and relatively accurate deduction of the topological structure of the zombie, trojan and worm networks can be realized.
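The pipeline in the abstract (control terminal information from packet inspection, sampled flow matching at the flow detection nodes, topology merging at the platform) can be sketched as follows. This is an added example, not code from the patent: the `Flow` record, the every-Nth-record sampling policy, the destination-only match and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):          # hypothetical flow record
    src: str
    dst: str
    dport: int

# Constructed sample data (documentation address ranges only).
CONTROLLERS = {("203.0.113.10", 6667)}   # control-terminal info from the packet stage
NODE_A = [Flow("198.51.100.1", "203.0.113.10", 6667),
          Flow("198.51.100.2", "192.0.2.80", 443),
          Flow("198.51.100.2", "203.0.113.10", 6667),
          Flow("198.51.100.3", "203.0.113.10", 6667),
          Flow("198.51.100.4", "192.0.2.80", 80)]
NODE_B = [Flow("198.51.100.3", "203.0.113.10", 6667),
          Flow("198.51.100.5", "192.0.2.53", 53),
          Flow("198.51.100.1", "203.0.113.10", 6667)]

def sample(flows, rate):
    """Keep every `rate`-th record (assumed sampling policy) to cut load."""
    return flows[::rate]

def controlled_terminals(flows, controllers, rate):
    """Flow-detection node: sample, then keep sources talking to a known controller."""
    hits = defaultdict(set)
    for f in sample(flows, rate):
        if (f.dst, f.dport) in controllers:
            hits[(f.dst, f.dport)].add(f.src)
    return dict(hits)

def build_topology(reports):
    """Detection platform: merge per-node reports into controller -> terminals."""
    topo = defaultdict(set)
    for report in reports:
        for ctrl, terminals in report.items():
            topo[ctrl] |= terminals
    return {ctrl: sorted(t) for ctrl, t in topo.items()}

def run_example(rate=2):
    reports = [controlled_terminals(n, CONTROLLERS, rate) for n in (NODE_A, NODE_B)]
    return build_topology(reports)

if __name__ == "__main__":
    print(run_example())
```

With 1-in-2 sampling, node A alone misses 198.51.100.3; the merged report from node B recovers it, which is why the platform combines distributed nodes before deducing the topology.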

Description

Technical field

[0001] The invention relates to the technical field of Internet security, in particular to a method and a system for detecting zombie and worm networks.

Background

[0002] A zombie worm network refers to a botnet: a group of computers, secretly assembled by attackers from Internet users' machines, that can be remotely and uniformly controlled. Currently, zombie worm networks are mainly controlled by Trojan horses and spread through worms and malicious websites. The Trojan horse is a hacking tool based on remote control, and its essence is a "client/server" network program. The Trojan horse program appears to have some useful functions on the surface, but in fact it carries functions that endanger system security, such as controlling the entire computer system and opening a back door; a worm is a virus that spreads through the network and infects hosts with vulnerabilities, and replicates automatically, usually without human interaction. The traffic gener...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1416
Inventor: 罗志强, 史国水, 沈军, 金华敏
Owner: CHINA TELECOM CORP LTD