Detection method, device and system of command and control channel
A command and control channel detection method, applied in the field of Internet security, that solves the problem of low detection efficiency for command and control channels, with the effects of improving detection accuracy and improving network security.
Examples
Embodiment 1
[0037] According to an embodiment of the present invention, an embodiment of a method for detecting a command and control channel is provided. It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions, and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.
[0038] Figure 1 is a flowchart of a method for detecting a command and control channel according to an embodiment of the present invention. As shown in Figure 1, the method includes the following steps:
[0039] Step S102, acquiring a first request sequence of the object to be detected, wherein the first request sequence includes multiple domain name resolution requests.
[0040] Specifically, the above-mentioned objects to be detected may be computer terminals connected to the...
Embodiment 2
[0067] According to an embodiment of the present invention, an embodiment of a method for detecting a command and control channel is provided. It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions, and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.
[0068] Figure 3 is a flowchart of another command and control channel detection method according to an embodiment of the present invention. As shown in Figure 3, the method includes the following steps:
[0069] Step S302, acquiring a first sequence.
[0070] Specifically, the above-mentioned first sequence may be a DNS request sequence sent by a controlled host carrying malware or a normal host not carrying malware, including multiple DNS requests.
[0071] Step S304, obtaining...
Embodiment 3
[0083] According to an embodiment of the present invention, an embodiment of an apparatus for detecting a command and control channel is provided.
[0084] Figure 4 is a schematic diagram of a command and control channel detection device according to an embodiment of the present invention. As shown in Figure 4, the device includes:
[0085] The acquiring module 42 is configured to acquire a first request sequence of the object to be detected, wherein the first request sequence includes a plurality of domain name resolution requests.
[0086] Specifically, the above-mentioned objects to be detected may be computer terminals connected to the Internet, such as personal computers (PCs), notebook computers, etc., and may include controlled hosts carrying malicious software and normal hosts not carrying malicious software.
[0087] The first processing module 44 is configured to change the sending order of multiple domain name resolution requests in the first request sequence...