Method and system for monitoring and capturing file server site for online storage of malicious codes based on cluster botnet

A botnet and site-monitoring technology, applied in the field of cluster-botnet-based monitoring and capture, addresses the inability to find newly used malicious-code hosting sites and the resulting lag in time; it achieves rapid identification and analysis of such sites, improves timeliness and efficiency, and reduces capture cost.

Active Publication Date: 2019-03-15
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

At present, malicious code can only be detected and captured by devices such as intrusion prevention and detection systems (IDS), terminal antivirus tools, honeypots, and traffic monitoring systems.
Therefore, detection will always lag somewhat behind the wanton spread of malicious code.


Embodiment Construction

[0037] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easier to understand, the technical solutions of the present invention are described in further detail below in conjunction with the accompanying drawings.

[0038] The present invention proposes a method and system for monitoring and capturing malicious-code hosting sites (Fangma sites) based on cluster botnets, which can actively discover the latest hosting sites associated with and used by various active botnets. It can effectively improve the timeliness and efficiency of capturing hosting sites, and at the same time reduce the cost of capturing the latest ones.

[0039] A method for capturing malicious-code hosting sites based on cluster botnet monitoring, as shown in figure 1, includes:

[0040] S101: Obtain malicious codes of botnets of known m...


Abstract

The invention provides a method and a system for monitoring and capturing file server sites used for online storage of malicious code, based on a cluster botnet. The method comprises the following steps: acquiring the malicious code of the botnet of each known malicious code family; analyzing its control node; acquiring the protocol of each malicious code family and establishing a protocol analysis module; simulating a controlled end (bot) and carrying out information interaction with, and monitoring of, the control end in order to acquire cross-infection instructions; analyzing, from the cross-infection instruction, the malicious code storage address, which is the newly found file server site for online storage of malicious code; and downloading and packaging the files at that address. According to the technical scheme, the cluster botnet can be monitored, cross infection of malicious code can be found in time, and new file server sites for online storage of malicious code can be discovered. Meanwhile, the monitoring of newly found hosting sites is combined with the existing monitoring of the control end, so that interactive monitoring between botnets can be realized.

Description

Technical field. [0001] The invention relates to the technical field of network security, in particular to a method and a system for monitoring and capturing malicious-code hosting sites based on cluster botnets. Background technique. [0002] The current technology is based only on the detection and identification of Fangma sites (file server sites that store malicious code online) that have already been exposed. However, this does not solve the problem of timely identification of the IP / Domain of hosting sites that are hidden relatively deeply, that is, sites that have not been exposed. According to the currently monitored activities and methods of some hacker organizations, once a hacker obtains remote code execution on an Internet device, he executes a command to remotely download from the URL of the site designated to store the malicious code, and implants the relevant malicious code. The device becomes a "broiler" in the botnet controlled by the hacker (th...

Claims


Application Information

Patent Timeline
Patent Type & Authority: Applications (China)
IPC: H04L29/06
CPC: H04L63/1408, H04L63/145, H04L2463/144
Inventors: 黄云宇, 刘广柱, 康学斌, 王小丰
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD