Botnet domain name family detection method and device, equipment and storage medium

A botnet detection technology, applied in transmission systems, electrical components, etc., that addresses the problems of reliance on virus sample collection, poor real-time detection and a single detection dimension, achieving wide applicability, strong detection ability and a reduction of various losses.

Active Publication Date: 2020-06-30
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0006] The object of the present invention is to provide a detection method, device, equipment and computer-readable storage medium for botnet domain name families, so as to solve the problems of a single detection dimension, excessive reliance on virus sample collection, and poor real-time performance in existing botnet domain name family detection.


Examples


Embodiment Construction

[0046] In order to enable those skilled in the art to better understand the solution of the present invention, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.

[0047] A flow chart of a specific embodiment of the botnet domain name family detection method provided by the present invention is shown in Figure 1. The method includes:

[0048] Step S101: Obtain suspicious domain names.

[0049] Suspicious domain names are the domain names that remain after obviously normal, legitimate domain names are excluded, and domain names with at least one abnormal be...


Abstract

The invention discloses a botnet domain name family detection method. The method comprises the following steps: acquiring suspicious domain names; constructing a domain name space-time association graph based on the associations of the suspicious domain names across different dimensions, wherein each suspicious domain name is a node, an edge is formed between two domain names that have at least one association, and the association between the two domain names is the attribute value of the edge; and, according to a graph-computation index of how compactly each node is connected, determining the compactly connected domain names in the domain name space-time association graph and taking the set of those domain names as a botnet domain name family. Because the associations between different dimensions of the domain names are expressed uniformly in the form of an association graph, the method has higher detection capability. The botnet domain name family can also be detected more quickly, and the method has wider applicability. In addition, the invention provides a botnet domain name family detection device, botnet domain name family detection equipment and a computer-readable storage medium which have the same technical advantages.
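The graph construction and family extraction described in the abstract can be sketched as follows. This is an added example, not code from the patent: the two association dimensions (`resolved_ip`, `client_window`), the sample observations and the use of a k-core as the compactness index are all assumptions, since the page does not specify them.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample (domain, dimension, value); both dimensions are assumed.
OBSERVATIONS = [
    ("fam-a.example", "resolved_ip", "203.0.113.5"),
    ("fam-b.example", "resolved_ip", "203.0.113.5"),
    ("fam-c.example", "resolved_ip", "203.0.113.5"),
    ("fam-b.example", "client_window", "10.0.0.7@09:00"),
    ("fam-c.example", "client_window", "10.0.0.7@09:00"),
    ("fam-d.example", "client_window", "10.0.0.7@09:00"),
    ("fam-a.example", "client_window", "10.0.0.8@09:05"),
    ("stray.example", "client_window", "10.0.0.8@09:05"),
]

def build_graph(observations):
    """Edge (a, b) -> set of dimensions in which a and b share a value."""
    by_value = defaultdict(set)
    for domain, dim, value in observations:
        by_value[(dim, value)].add(domain)
    edges = defaultdict(set)
    for (dim, _), domains in by_value.items():
        for a, b in combinations(sorted(domains), 2):
            edges[(a, b)].add(dim)
    return edges

def k_core(edges, k):
    """Drop nodes with < k neighbours; assumed stand-in for the compactness index."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    while weak := [n for n in adj if len(adj[n]) < k]:
        for n in weak:
            for m in adj.pop(n):
                adj.get(m, set()).discard(n)
    return adj

def families(observations, k=2):
    """Connected components of the k-core, each a candidate domain family."""
    adj, out = k_core(build_graph(observations), k), []
    while adj:
        stack, comp = [min(adj)], set()
        while stack:
            n = stack.pop()
            if n in adj:
                comp.add(n)
                stack.extend(adj.pop(n))
        out.append(sorted(comp))
    return out
```

With `k=2`, `stray.example` is pruned because it is tied to the group by a single association, while the four `fam-*` domains survive as one candidate family.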

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a detection method, device, equipment and computer-readable storage medium for botnet domain name families.

Background technique

[0002] Botnets pose a serious threat to network security. Criminals use botnets to launch Distributed Denial of Service (DDoS) attacks, malicious mining, information theft, spam campaigns, etc., seriously endangering the interests of countries, enterprises, organizations and individuals. It is therefore of great significance to quickly and accurately identify botnet communication and block it in time. A large number of botnets communicate with bot hosts by sending Command and Control (C&C) information based on the DNS protocol.

[0003] The mainstream botnet domain name family detection schemes mainly include detection based on grammar features and detection based on virus traffic.

[0004] The detection of botnet domain name families based on g...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1466, H04L63/1458, H04L2463/144, H04L2463/146, H04L2101/30, H04L61/4511
Inventor: 闫凡, 赵振洋, 古亮
Owner: SANGFOR TECH INC