
A method for detecting botnets based on C&C communication state transition

A botnet detection technique based on communication state, applied to detecting botnets from C&C communication state transitions. It addresses the problem that existing detection techniques lack pertinence and do not consider the characteristics of C&C communication.

Active Publication Date: 2020-11-13
BEIJING CHANGYANG TECH CO LTD

AI Technical Summary

Problems solved by technology

[0013] The above classification gives a first summary of how existing detection technologies differ in various respects, but it lacks pertinence and does not consider the characteristics of C&C communication in botnets, especially the state of, and the periodicity between, C&C communications. Starting from this observation, we invented a method for detecting botnets based on C&C communication state transitions.


Embodiment Construction

[0033] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0034] As shown in Figure 1, the present invention discloses a method for detecting botnets based on C&C communication state transitions, comprising a training phase and a prediction phase. The goal of the training phase is to construct a candidate Markov detection model, which includes the original probability. The original probability is the probability with which the state chain generated from the training set data yields the candidate model, that is, with how much probability (the original probability) the state chain computed from the known training data gives the candidate Markov chain (MC) model. The goal of the prediction phase is to match the unknown data flow under test against the models in the Markov model library in order to perform detection.

[0035] The training phase includes th...


Abstract

The invention provides a method for detecting a botnet based on C&C communication state transitions, comprising a training stage and a prediction stage. In the training stage, the training set data flow is divided by four-tuple (quaternion) and tagged, features are extracted, a state chain is generated, a candidate model library is constructed and a probability threshold value is calculated. In the prediction stage, the data flow to be detected is divided by four-tuple, features are extracted and a to-be-detected state chain is generated. The protocol type is then extracted and matched against the models in the candidate model library one by one: if the protocol type does not match a model, it is discarded; if it matches, the next step is executed. A test probability is calculated and matched according to a preset scheme: if the test probability does not match the preset scheme, it is discarded; otherwise the model and the test probability are saved. Finally, from the candidate models that matched successfully, the model with the highest matching rate is selected as the final model, and the tag of the final model decides whether the data flow to be detected belongs to a botnet or not. The state of a flow can be extracted easily, with no need for complex statistical work or extraction of flow content, so detection performance is improved; the Markov chain used for detection is built from the state transition relation, and efficiency is high.
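The training and prediction stages of the abstract, as an added Python sketch (not code from the patent). The 4-tuple fields, the two-letter state encoding, the per-transition log-probability used as the original and test probability, and the `tolerance` standing in for the "preset scheme" are all assumptions, because the page does not specify them.

```python
import math
from collections import defaultdict

def state_chains(flows):
    """Group flows (ts, src, dst, dport, proto, nbytes) by 4-tuple. Assumed encoding:
    s/L size bucket + p if the gap repeats the previous gap within 10%, else a."""
    groups = defaultdict(list)
    for ts, src, dst, dport, proto, nbytes in sorted(flows):
        groups[(src, dst, dport, proto)].append((ts, nbytes))
    chains = {}
    for key, seq in groups.items():
        chain, prev_gap = [], None
        for i, (ts, nbytes) in enumerate(seq):
            gap = ts - seq[i - 1][0] if i else None
            periodic = bool(gap and prev_gap and abs(gap - prev_gap) <= 0.1 * prev_gap)
            chain.append(("s" if nbytes < 1000 else "L") + ("p" if periodic else "a"))
            prev_gap = gap
        chains[key] = chain
    return chains

def avg_logprob(chain, trans):
    """Mean log-probability per transition; unseen transitions get a 1e-6 floor."""
    steps = list(zip(chain, chain[1:]))
    return sum(math.log(trans.get(a, {}).get(b, 1e-6)) for a, b in steps) / max(len(steps), 1)

def train(chain, proto, label):
    """One candidate model: transition matrix plus its original probability."""
    counts = defaultdict(lambda: defaultdict(int))
    for a, b in zip(chain, chain[1:]):
        counts[a][b] += 1
    trans = {a: {b: n / sum(row.values()) for b, n in row.items()} for a, row in counts.items()}
    return {"proto": proto, "label": label, "trans": trans, "orig": avg_logprob(chain, trans)}

def predict(chain, proto, library, tolerance=1.0):
    """Label of the closest model that passes both checks, or None."""
    best = None
    for m in library:
        if m["proto"] != proto:
            continue  # protocol type does not match: discard
        diff = abs(avg_logprob(chain, m["trans"]) - m["orig"])
        if diff <= tolerance and (best is None or diff < best[0]):
            best = (diff, m["label"])  # assumed scheme: closest to original probability
    return best[1] if best else None

# Constructed sample flows: a 60 s beacon (tagged botnet) and irregular traffic (tagged normal).
BOT = [(60.0 * i, "10.0.0.5", "203.0.113.9", 443, "tcp", 300) for i in range(20)]
TIMES = [0, 5, 47, 60, 200, 230, 500, 520, 900, 1000]
NORM = [(float(t), "10.0.0.7", "198.51.100.2", 443, "tcp", (400, 5000)[i % 2]) for i, t in enumerate(TIMES)]
LIBRARY = [train(c, k[3], tag) for flows, tag in ((BOT, "botnet"), (NORM, "normal"))
           for k, c in state_chains(flows).items()]
```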

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for detecting botnets based on C&C communication state transitions.

Background technique

[0002] The full name of the C&C server is Command and Control Server. With the development of the malicious Trojan horse industry, many Trojan horses have moved beyond the earlier "single-handed" mode of operation and are instead interconnected through the network; by commanding a large number of infected computers to act together, they achieve a synergistic effect. In this way, they can not only concentrate on attacking a certain target at the same time, but also disperse the risks they bear. The key node for command is the C&C server. These servers are used to control DDoS botnets, spam networks, banking Trojans, and servers used to spread collected data for phishing and malware infections. On the one hand, the C&C ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1425, H04L63/1441
Inventor: 姚兴仁
Owner: BEIJING CHANGYANG TECH CO LTD