
A Bot Detection and Classification Method Based on the Combination of Dynamic and Static Features

A technology combining bot detection with static features, applied in the field of information security, that addresses problems such as low efficiency, long time consumption, and the difficulty of handling large numbers of bots, achieving the effect of reducing requirements and improving correctness.

Active Publication Date: 2020-12-08
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0013] Currently, family classification of bot programs relies mainly on manual reverse engineering. This method is not only time-consuming and inefficient but also demands a high level of expertise from analysts. With manual reverse engineering, it is difficult to handle bots in large quantities.

Examples


Embodiment Construction

[0038] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0039] The invention provides a bot detection and classification method combining dynamic and static features which, as shown in Figure 1, includes the following steps:

[0040] Step 1: Bot detection

[0041] Bots can be distinguished from other malicious code by using opcodes (machine codes that describe a specific operation in machine language), PE (Portable Executable) section information, and DLL (Dynamic Link Library) sequences. Static detection has the advantages of high security and high detection efficiency. Feature selection in the detection process uses the optimized TF-IDF-GF algorithm.

[0042] The main process is as follows:

[0043] The core idea of TF-IDF is that the importance of a feature item increases with the number of times it appears in the file, but at the same time it decreases with the frequency of its appearance in the fe...


Abstract

The invention discloses a bot detection and classification method combining dynamic and static features. Bots are detected based on static feature information. Feature selection in the detection process uses an improved TF-IDF algorithm, which adds a category discrimination factor GF when the TF-IDF weight is calculated; GF represents the ratio of the degree to which a feature item occurs in a certain category to the degree to which it occurs in all other categories. The detected bot is then run, and the API sequence and network traffic information of the running bot are extracted and processed to obtain the bot family classification features. Based on these family classification features, the bots are classified. The invention can classify automatically, reduce time consumption, and improve classification efficiency.
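The GF-weighted feature selection described in the abstract, sketched as an added example (not the patent's own code). This page does not give the exact GF formula, so GF is assumed here to be the add-one-smoothed ratio of a feature's file frequency in the target class to its file frequency in all other classes; the opcode sequences are constructed sample data, and `tfidf_gf` and `select_features` are hypothetical names.

```python
import math
from collections import Counter

# Constructed sample data: (label, opcode sequence) per file, not real traces.
SAMPLES = [
    ("bot",   ["push", "mov", "call", "xor", "call", "jmp"]),
    ("bot",   ["mov", "call", "xor", "xor", "call", "ret"]),
    ("other", ["push", "mov", "add", "sub", "ret"]),
    ("other", ["mov", "add", "cmp", "jnz", "ret"]),
    ("other", ["push", "mov", "call", "add", "ret"]),
]

def ngrams(seq, n=2):
    """Opcode n-grams of one file, joined into strings."""
    return [" ".join(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def tfidf_gf(samples, target, n=2):
    """Score every n-gram seen in the target class by TF * IDF * GF."""
    docs = [(label, Counter(ngrams(seq, n))) for label, seq in samples]
    in_cls = [c for label, c in docs if label == target]
    out_cls = [c for label, c in docs if label != target]
    if not in_cls or not out_cls:
        raise ValueError("need files both inside and outside the target class")
    scores = {}
    for feat in set().union(*in_cls):
        # TF: mean relative frequency of the feature over target-class files.
        tf = sum(c[feat] / sum(c.values()) for c in in_cls) / len(in_cls)
        # IDF: smoothed inverse document frequency over the whole corpus.
        df = sum(feat in c for _, c in docs)
        idf = math.log((1 + len(docs)) / (1 + df)) + 1
        # GF (assumed form): share of target-class files containing the
        # feature divided by the share of other-class files containing it.
        p_in = (sum(feat in c for c in in_cls) + 1) / (len(in_cls) + 1)
        p_out = (sum(feat in c for c in out_cls) + 1) / (len(out_cls) + 1)
        scores[feat] = tf * idf * (p_in / p_out)
    return scores

def select_features(samples, target, k=3, n=2):
    """Top-k n-grams for the target class, ties broken alphabetically."""
    scores = tfidf_gf(samples, target, n)
    return sorted(scores, key=lambda f: (-scores[f], f))[:k]

if __name__ == "__main__":
    for feat in select_features(SAMPLES, "bot", k=3):
        print(feat, round(tfidf_gf(SAMPLES, "bot")[feat], 4))
```

With this data, `mov call` has the same TF as `call xor` and almost the same IDF, yet scores far lower because it also appears in a non-bot file: the GF term is what pushes class-specific features to the top.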

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method for detecting and classifying bots combining dynamic and static features.

Background technique

[0002] A bot is a malicious program that an attacker deploys on an infected computer after intruding into it to complete the attack. By deploying bots on infected computers to form a botnet, attackers can implement various attack methods.

[0003] In recent years, the rapid development of IoT technology has enabled network attackers to target IoT devices, and bots parasitic on IoT devices have begun to appear in large numbers. The advancement of cloud computing technology has accelerated the development of bots. Attackers only need to apply for virtual machine resources at a very low cost in the cloud, and they can use these resources to quickly build botnets, making it cheaper and faster to launch botnet attacks. Some attackers use illegally stolen credit card...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06K9/62
CPC: G06F21/562, G06F21/566, G06F2221/033, G06F18/2115, G06F18/24
Inventor: 薛静锋, 张继, 郭宇, 单纯, 刘康
Owner: BEIJING INSTITUTE OF TECHNOLOGY