A P2P botnet detection system and method based on traffic analysis

A botnet detection technology based on traffic analysis, applied in the field of computer network security, that addresses problems such as the absence of benign P2P traffic analysis, low detection efficiency, and heavy consumption of computing resources during detection.

Active Publication Date: 2021-08-20
上海视岳计算机科技有限公司

AI Technical Summary

Problems solved by technology

[0005] Early botnet detection work used port and signature methods, inspecting packet information on specific ports. Such methods become ineffective against botnets that encrypt their traffic or randomize their communication ports.
[0006] Some later detection methods use graph clustering to detect P2P traffic but do not analyze benign P2P traffic. As a result, detection consumes a lot of computing resources and detection efficiency is low. In addition, the graph used by this approach may not scale.


Embodiment Construction

[0040] The following describes several preferred embodiments of the present invention with reference to the accompanying drawings, so as to make the technical content clearer and easier to understand. The present invention can be embodied in many different forms of embodiments, and the protection scope of the present invention is not limited to the embodiments mentioned herein.

[0041] In the drawings, components with the same structure are denoted by the same numerals, and components with similar structures or functions are denoted by similar numerals. The size and thickness of each component shown in the drawings are shown arbitrarily, and the present invention does not limit the size and thickness of each component. In order to make the illustration clearer, the thickness of parts is appropriately exaggerated in some places in the drawings.

[0042] As shown in Figure 1, the system consists of four modules, which are the network traffic receiving module, the communicat...


Abstract

The invention discloses a P2P botnet detection system based on traffic analysis, which belongs to the field of computer network security. It includes a network traffic receiving module that obtains network traffic from different monitoring points, a communication structure graph construction module, a detection algorithm module, and a database module. The detection algorithm module discovers P2P structure in the communication structure graph with a community discovery algorithm, uses two machine learning methods, decision tree and Bayesian network, to detect the P2P botnet, and tracks communication with other nodes to expand the botnet; the relevant data is stored in the database module. The invention also discloses a P2P botnet detection method based on traffic analysis. The invention does not use the port as a feature, which prevents detection failure caused by port randomization. It performs P2P botnet detection based on traffic analysis, improves detection efficiency by filtering benign network traffic, and uses packet length as a feature to reduce data processing. It can efficiently identify P2P botnet communication, providing support for intrusion detection systems.
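The graph and feature steps the abstract describes, as an added example that is not the patent's own code: the flow records are constructed, and deterministic label propagation stands in for the community discovery algorithm, which the abstract does not name. The decision tree and Bayesian network classifiers that would consume the resulting features are left out.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed flow records: (src, dst, dst_port, packet lengths in bytes).
FLOWS = [
    ("10.0.0.1", "10.0.0.2", 41233, [92, 92, 96]),
    ("10.0.0.2", "10.0.0.3", 50871, [92, 96, 92]),
    ("10.0.0.3", "10.0.0.1", 18022, [96, 92, 92]),
    ("10.0.0.7", "10.0.0.8", 443, [1500, 640, 1500]),
    ("10.0.0.9", "10.0.0.8", 443, [1500, 1200, 380]),
    ("10.0.0.3", "10.0.0.8", 443, [1500, 900, 210]),  # one cross-group flow
]

def build_graph(flows):
    """Undirected host graph; the port field is deliberately ignored."""
    graph = defaultdict(set)
    for src, dst, _port, _lengths in flows:
        graph[src].add(dst)
        graph[dst].add(src)
    return graph

def find_communities(graph, max_rounds=20):
    """Deterministic label propagation (assumed stand-in algorithm)."""
    label = {host: host for host in graph}
    for _ in range(max_rounds):
        changed = False
        for host in sorted(graph):
            counts = Counter(label[n] for n in graph[host])
            best = max(counts.values())
            top = sorted(l for l, c in counts.items() if c == best)
            # On a tie, keep the current label so one stray edge cannot merge groups.
            new = label[host] if label[host] in top else top[0]
            changed |= new != label[host]
            label[host] = new
        if not changed:
            break
    groups = defaultdict(set)
    for host, lab in label.items():
        groups[lab].add(host)
    return sorted(groups.values(), key=sorted)

def length_features(flows, community):
    """Packet-length statistics over flows internal to one community."""
    lengths = [n for s, d, _p, ls in flows
               if s in community and d in community for n in ls]
    return {"hosts": len(community), "packets": len(lengths),
            "mean_len": round(mean(lengths), 1),
            "std_len": round(pstdev(lengths), 1)}

def analyse(flows=FLOWS):
    graph = build_graph(flows)
    return [(sorted(c), length_features(flows, c)) for c in find_communities(graph)]
```

In the constructed data, the first community changes port on every flow yet keeps near-constant packet lengths, which is why packet-length features survive port randomization where a port feature would not.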

Description

Technical field

[0001] The invention relates to the field of computer network security, in particular to a P2P botnet detection system and method based on traffic analysis.

Background art

[0002] A botnet is a large number of hosts on the Internet controlled by attackers, who use C&C (Command and Control) channels to control the hosts in the botnet and issue commands to them. Botnets are usually used to launch Distributed Denial-of-Service (DDoS) attacks, send spam, mine bitcoin, and carry out other attacks.

[0003] In a P2P (Peer-to-Peer) network, also known as peer-to-peer technology, each node has the same capability and usually does not rely on a central node. The decentralized nature of P2P networks makes them difficult to detect, and their distributed nature also makes them resilient to single points of failure. At the beginning of the 21st century, users began to have more and more powerful servers, storage space, and bandwidth, and the share of the P2P-structured I...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425, H04L63/1441, H04L2463/144, H04L63/1408
Inventor: 邹福泰张奕吴越
Owner: 上海视岳计算机科技有限公司