Malicious domain name infection host tracing method

A host and domain-name technology, applied in transmission systems, electrical components, etc., that addresses the slow location of infected hosts and low security, ensuring security and reducing security threats.

Active Publication Date: 2019-11-01
STATE GRID LIAONING ELECTRIC POWER RES INST +1

AI Technical Summary

Problems solved by technology

[0003] The technical problem to be solved by the present invention is to provide a method for tracing the source of hosts infected by malicious domain names, which is used to solve the problems of slow location of infected hosts and low security in the prior art.


Embodiment

[0020] The present invention provides a method for tracing the source of a malicious domain name infected host, the method comprising:

[0021] Establish a platform, including an acquisition server and a big data analysis platform, and establish a database;

[0022] The establishment of the database includes: collecting DNS server logs, anti-virus killing logs, virus access URL characteristic information, a disposal knowledge base, and IP address division information of each associated host in the power grid system on the platform; establishing a virus signature table according to the collected virus access URL characteristic information; establishing a processing suggestion table according to the disposal knowledge base; and storing the IP address division information;

[0023] Obtain the DNS server logs from the accessed host through the collection server, use client access as the trigger condition, analyze and normalize the DNS server logs through comparative analysis, and then compare the...


Abstract

The invention belongs to the field of power system computers and is a method for tracing hosts infected via malicious domain names. The method comprises: establishing a database on a platform; collecting, on the platform, DNS server logs, anti-virus searching and killing logs, virus access URL feature information, a disposal knowledge base and IP address division information of all associated hosts in a power grid system; establishing a virus feature table according to the collected virus access URL feature information, establishing a processing suggestion table according to the disposal knowledge base, and storing the IP address division information; and obtaining a DNS server log from a host, analyzing and normalizing the DNS server log through comparative analysis, then comparing its features with the virus feature table, generating an alarm according to the suggestion in the processing suggestion table that corresponds to the matched virus feature, and then entering a processing flow. According to the invention, the attacked host is disposed of in time according to the disposal suggestions, thereby ensuring the security of the information intranet and reducing the security threat.
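The pipeline the abstract describes (normalize DNS logs, compare against the virus feature table, look up the disposal suggestion, attribute the client IP to a unit) is sketched below as an added example; it is not code from the patent. The BIND-style log format, the table contents, the domains and the unit names are constructed assumptions.

```python
import ipaddress
import re

# Constructed stand-ins for the platform database tables (all values hypothetical).
VIRUS_SIGNATURES = {"c2.malware.example": "worm-a", "dl.badhost.test": "trojan-b"}
SUGGESTIONS = {"worm-a": "isolate host and run antivirus scan", "trojan-b": "block domain and reimage host"}
IP_DIVISION = [("10.21.0.0/16", "Unit A"), ("10.22.0.0/16", "Unit B")]

# BIND-style query log line (assumed format; other DNS servers need their own pattern).
QUERY_RE = re.compile(r"^(?P<ts>\S+ \S+) .*?client (?:@\S+ )?(?P<ip>[\d.]+)#\d+ "
                      r".*?query: (?P<name>\S+) IN ")

# Constructed sample log: two hits, one lookalike, one malformed line, one unmapped client.
SAMPLE_LOG = [
    "05-Mar-2024 10:15:02.123 client 10.21.4.17#53211 (C2.Malware.Example): query: C2.Malware.Example IN A + (10.0.0.53)",
    "05-Mar-2024 10:15:09.000 client 10.21.4.19#40001 (notc2.malware.example): query: notc2.malware.example IN A + (10.0.0.53)",
    "05-Mar-2024 10:16:40.500 client 10.22.9.5#41822 (x1.dl.badhost.test): query: x1.dl.badhost.test. IN AAAA + (10.0.0.53)",
    "malformed line",
    "05-Mar-2024 10:18:00.000 client 192.168.7.7#5000 (dl.badhost.test): query: dl.badhost.test IN A + (10.0.0.53)",
]

def normalize(line):
    """Parse one log line into a canonical record, or None if it is not a query."""
    m = QUERY_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "client": ipaddress.ip_address(m["ip"]),
            "domain": m["name"].rstrip(".").lower()}

def match_signature(domain):
    """Match the domain or any parent on label boundaries, so 'notc2...' is not a hit."""
    labels = domain.split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next((VIRUS_SIGNATURES[c] for c in candidates if c in VIRUS_SIGNATURES), None)

def locate_unit(ip):
    """Map a client address to its owning unit via the IP address division table."""
    return next((u for cidr, u in IP_DIVISION if ip in ipaddress.ip_network(cidr)), "unassigned")

def trace(lines):
    """Return one alert per query that matches a signature, with unit and suggestion."""
    alerts = []
    for line in lines:
        rec = normalize(line)
        family = rec and match_signature(rec["domain"])
        if family:
            alerts.append({"time": rec["ts"], "host": str(rec["client"]), "unit": locate_unit(rec["client"]),
                           "domain": rec["domain"], "virus": family, "suggestion": SUGGESTIONS[family]})
    return alerts
```

Clients that fall outside every range in the division table are reported as `unassigned` rather than dropped, so gaps in the IP address division information surface as alerts to investigate.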

Description

Technical field

[0001] The invention relates to the field of power system computer software, and specifically to a method for tracing the source of hosts infected by malicious domain names.

Background technique

[0002] A power system handles a huge volume of data. Once a host is infected, because multiple hosts are interrelated and data is called between them at any time, the infection spreads quickly among them. Monitoring the domain name resolution function of the system's DNS server requires quickly locating the IP address of the host accessing the malicious domain name and the unit to which the host belongs, so that each unit can quickly locate the infected host, achieve rapid warning and timely disposal, and improve its protection capability.

Contents of the invention

[0003] The technical problem to be solved by the present invention is to provide a method for tracing the origin of hosts infected by malicious domain names, which is used to solve the problems of slow ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1416, H04L63/145, H04L61/4511
Inventor 张文杰李巍王鸥于亮亮周旭程硕郑善奇杨明钰金成明
Owner STATE GRID LIAONING ELECTRIC POWER RES INST