Method and system for identifying botnet attack sources of Internet of Things

A botnet attack-source identification technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., that addresses the problems of a high attack false positive rate and the inability to capture zombie nodes.

Active Publication Date: 2019-11-08
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

Traditional endpoint detection methods have exposed many shortcomings in practical applications, such as a high attack false positive rate, or the inability to catch infected zombie nodes after they attack customer assets.

Examples


Embodiment 1

[0028] Referring to Figure 1, an embodiment of the present invention provides a method for identifying the attack source of an Internet of Things botnet, which may include the following steps:

[0029] Step S101, obtaining attack warning information;

[0030] In the embodiment of the present invention, the attack warning information may be obtained from a situational awareness platform, that is, a network security situational awareness platform, also called a network security situational awareness system. The situational awareness platform is a platform for collecting, mastering and analyzing information on offensive and defensive confrontation in cyberspace. It should be noted that the attack warning information includes at least one of attack time, attack alarm type, attack source, attack target, and attack payload.

[0031] Step S102, determining the attack warning information satisfying the preset condition as a botnet attack, and identifying the botnet host based on the botnet attack...

Embodiment 2

[0052] Referring to Figure 4, an embodiment of the present invention provides a system for identifying the attack source of an Internet of Things botnet, which includes:

[0053] An acquisition module 11, configured to acquire attack warning information;

[0054] The first determination module 12 is configured to determine the attack warning information satisfying the preset condition as a botnet attack, and identify the botnet host based on the botnet attack;

[0055] An extraction module 13, configured to extract port opening information and fingerprint service information of the botnet host from the threat intelligence library;

[0056] A judging module 14, configured to judge whether the botnet host meets the characteristics of an Internet of Things device based on the port opening information and fingerprint service information;

[0057] The second determining module 15 is configured to determine a botnet host meeting the characteristics of an IoT device as an attack source of an IoT b...
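
The module pipeline above, sketched as an added example (not code from the patent or its owner). The preset condition, the IoT port and keyword lists, and the rule that both must match are assumptions, since the page does not state them; the alerts and intelligence records are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (attack time, alert type, attack source, attack target)
ALERTS = [
    ("2019-06-01T10:00:00", "http_flood", "198.51.100.10", "203.0.113.5"),
    ("2019-06-01T10:00:20", "http_flood", "198.51.100.11", "203.0.113.5"),
    ("2019-06-01T10:00:40", "http_flood", "198.51.100.12", "203.0.113.5"),
    ("2019-06-01T10:30:00", "sql_injection", "198.51.100.50", "203.0.113.9"),
]
# Constructed threat-intelligence records: open ports and service fingerprints
INTEL = {
    "198.51.100.10": {"ports": {23, 554}, "fingerprints": {"rtsp ip-camera"}},
    "198.51.100.11": {"ports": {80, 7547}, "fingerprints": {"home router httpd"}},
    "198.51.100.12": {"ports": {22, 443}, "fingerprints": {"nginx"}},
}
# Assumed IoT characteristics (not listed on the page): Telnet, RTSP, TR-069
IOT_PORTS = {23, 554, 7547}
IOT_KEYWORDS = ("camera", "router", "dvr")

def botnet_hosts(alerts, min_sources=3, window=timedelta(minutes=5)):
    """Assumed preset condition: one target receives the same alert type from
    at least min_sources distinct sources inside one sliding time window."""
    groups = defaultdict(list)
    for ts, kind, src, dst in alerts:
        groups[(kind, dst)].append((datetime.fromisoformat(ts), src))
    hosts = set()
    for events in groups.values():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            sources = {src for _, src in events[start:end + 1]}
            if len(sources) >= min_sources:
                hosts |= sources
    return hosts

def is_iot(record):
    """Judge IoT characteristics from port-opening and fingerprint information."""
    if record is None:  # host absent from the intelligence library: cannot judge
        return False
    port_hit = bool(record["ports"] & IOT_PORTS)
    fp_hit = any(k in fp.lower() for fp in record["fingerprints"] for k in IOT_KEYWORDS)
    return port_hit and fp_hit  # assumption: both signals must agree

def iot_attack_sources(alerts, intel):
    # Botnet hosts that also match the IoT characteristics are the attack sources
    return sorted(h for h in botnet_hosts(alerts) if is_iot(intel.get(h)))
```

Requiring both the port and the fingerprint signal is the stricter choice: a host exposing only a generic web server is left out even though it took part in the flagged attack.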

Abstract

The invention provides a method and a system for identifying an Internet of Things botnet attack source. The method comprises the following steps: acquiring attack alarm information; determining the attack alarm information meeting preset conditions as botnet attacks, and identifying botnet hosts based on the botnet attacks; extracting port opening information and fingerprint service information of the botnet host from a threat intelligence library; judging, based on the port opening information and the fingerprint service information, whether the botnet host meets the characteristics of an Internet of Things device; and determining the botnet host meeting the characteristics of an Internet of Things device as an Internet of Things botnet attack source. The botnet host can be identified according to the attack alarm information, and the botnet attack source of the Internet of Things can be quickly and effectively discovered on the basis of the botnet host.

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method and system for identifying attack sources of Internet of Things botnets.

Background technique

[0002] IoT devices have the advantages of being deployed in large numbers and having good network bandwidth. However, the firmware or software versions of most IoT devices lag behind for long periods. IoT devices themselves have performance bottlenecks, having only chips and no operating system. Therefore, they have become key targets of cyber attackers. In recent years, IoT botnet attacks have occurred frequently. IoT devices differ from traditional Internet devices; for example, their performance is not as good as that of general host devices. Therefore, traditional endpoint detection methods have exposed many shortcomings in practical applications, such as: a high attack false positive rate, or the inability to capture infected zombie nodes after they ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24, G06F21/55
CPC: G06F21/55, H04L41/0631, H04L63/1416, H04L63/1441
Inventor: 王世晋, 范渊, 黄进, 王辉, 莫金友, 徐丽丽
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD