Fast-flux botnet detection method and system in high-speed network

A botnet and high-speed network technology, applied to Fast-Flux botnet detection in high-speed networks, that addresses the problems of high false alarm rate, low detection accuracy, and low processing efficiency, avoiding false negatives and improving detection accuracy.

Inactive Publication Date: 2019-03-01
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

[0012] The object of the present invention is to provide a Fast-Flux botnet detection method and system for high-speed networks, sol


Examples


Specific Embodiment

[0081] Research on Fast-Flux botnets has begun to take shape, but there is currently no relatively mature system for detecting Fast-Flux botnets in large-data-set traffic. Most research on Fast-Flux botnets at home and abroad is based on collecting a list of malicious domain names, using the dig tool to find the characteristics of those domain names offline, and then training on the feature vectors with learning algorithms to detect Fast-Flux botnets. This does not guarantee that the same detection rate is achieved in a real online environment, especially in high-speed networks.

[0082] In a high-speed network, taking a 10Gbps network as an example, even if the network utilization rate is only 30% under normal circumstances, 500M of data traffic will be generated in one second. Assuming that the average size of each data packet is 512 Byte, there will also be 1 million data packets. Once the data packet processing pr...


Abstract

The present invention discloses a Fast-Flux botnet detection method and system in a high-speed network, which belongs to the field of network security detection technology. Firstly, a DNS data packet is obtained, and the captured DNS data packet is parsed and filtered, to obtain a suspicious Fast-Flux botnet. A global association mapping relationship between a domain name and an IP address of the suspicious Fast-Flux botnet is analyzed, and global features are extracted by using the global association mapping relationship. Time-based local features of the suspicious Fast-Flux botnet are extracted. Finally, the global features and the local features in offline data are trained by using a machine learning algorithm to obtain a trained machine learning model, and global features and local features in unknown data are detected by using the trained learning model to obtain a classification result of the suspicious Fast-Flux botnet. The present invention can improve detection accuracy, reduce a false alarm rate, and improve processing efficiency.
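The pipeline in the abstract (filter parsed DNS responses, build the global domain-to-IP association mapping, then extract global and time-based local features) can be sketched as follows. This is an added example, not code from the patent: the specific features, the TTL and record-count thresholds, the 150-second window, and the sample records are all assumptions, and the machine learning step that would consume the resulting vector is left out.

```python
from collections import defaultdict

# Constructed sample of parsed DNS A-record responses: (unix_time, domain, ttl, [ips]).
RECORDS = [
    (0,   "flux.example", 60,    ["198.51.100.1", "198.51.100.2", "203.0.113.5"]),
    (120, "flux.example", 60,    ["203.0.113.9", "192.0.2.44", "198.51.100.2"]),
    (300, "flux.example", 60,    ["192.0.2.77", "203.0.113.80", "198.51.100.1"]),
    (10,  "flux2.example", 30,   ["203.0.113.5", "192.0.2.44"]),
    (200, "flux2.example", 30,   ["192.0.2.91", "198.51.100.2"]),
    (5,   "static.example", 86400, ["192.0.2.10"]),
    (250, "static.example", 86400, ["192.0.2.10"]),
]

def filter_suspicious(records, max_ttl=300, min_ips=2):
    """Pre-filter: keep responses with a short TTL and several A records (assumed thresholds)."""
    return [r for r in records if r[2] <= max_ttl and len(r[3]) >= min_ips]

def build_mapping(records):
    """Global association mapping: domain -> set of IPs and IP -> set of domains."""
    d2ip, ip2d = defaultdict(set), defaultdict(set)
    for _, domain, _, ips in records:
        for ip in ips:
            d2ip[domain].add(ip)
            ip2d[ip].add(domain)
    return d2ip, ip2d

def global_features(domain, d2ip, ip2d):
    """Features from the whole capture: distinct IPs, distinct /16 prefixes, shared IPs."""
    ips = d2ip[domain]
    prefixes = {".".join(ip.split(".")[:2]) for ip in ips}
    shared = sum(1 for ip in ips if len(ip2d[ip]) > 1)
    return {"n_ips": len(ips), "n_prefixes": len(prefixes), "n_shared_ips": shared}

def local_features(domain, records, window=150):
    """Time-based features: previously unseen IPs per window of `window` seconds."""
    seen, per_window = set(), defaultdict(int)
    for ts, ips in sorted((r[0], r[3]) for r in records if r[1] == domain):
        new = set(ips) - seen
        per_window[ts // window] += len(new)
        seen |= new
    counts = list(per_window.values())
    return {"windows": len(counts), "mean_new_ips": sum(counts) / len(counts)}

def feature_vector(domain, records=RECORDS):
    """Combine global and local features; None if the domain did not pass the pre-filter."""
    kept = filter_suspicious(records)
    d2ip, ip2d = build_mapping(kept)
    if domain not in d2ip:
        return None
    return {**global_features(domain, d2ip, ip2d), **local_features(domain, kept)}
```

The shared-IP count is what the global mapping adds over per-domain lookups: two domains served by the same rotating pool of hosts become visible as one infrastructure.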

Description

Technical field

[0001] The invention relates to the technical field of network security detection, in particular to a Fast-Flux botnet detection method and system under a high-speed network.

Background technique

[0002] Fast-Flux technology rapidly changes the IP addresses associated with a domain name, which makes the attacker harder to trace. Therefore, attackers are increasingly inclined to apply Fast-Flux technology to botnets to evade tracking and detection by security researchers. How to effectively detect Fast-Flux botnets has become a hot issue in the field of network security research. Most of the existing detection methods focus on traffic analysis. Although they can identify Fast-Flux botnets to a certain extent, they have high false positive and false negative rates, and the verification environment is limited to the offline environment. Therefore, how to realize the effective detection of Fast-Flux botnets in a real...


Application Information

IPC(8): H04L29/06
CPC: H04L63/0236, H04L63/1416, H04L63/1425, H04L63/30
Inventor: 牛伟纳, 张小松, 王中晴
Owner SICHUAN UNIV