Detection method, device, equipment and storage medium of botnet domain name family

A botnet domain name family detection technology, applied in security communication devices, digital transmission systems, electrical components, etc. It solves the problems of a single detection dimension, poor real-time detection, and dependence on virus sample collection, achieving strong detection capability, rapid detection, and broad applicability.

Active Publication Date: 2022-02-25
SANGFOR TECH INC
9 Cites, 1 Cited by

AI Technical Summary

Problems solved by technology

[0006] The object of the present invention is to provide a detection method, apparatus, device and computer-readable storage medium for a botnet domain name family, so as to solve the problems of a single detection dimension, excessive reliance on virus sample collection, and poor real-time detection in existing botnet domain name family detection.

Embodiment Construction

[0046] In order to make those skilled in the art better understand the solution of the present invention, the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments. Obviously, the described embodiments are only some, but not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0047] A flowchart of a specific implementation of the method for detecting a botnet domain name family provided by the present invention is shown in Figure 1. The method includes:

[0048] Step S101: Obtain suspicious domain names.

[0049] A suspicious domain name is a domain name that is left after apparently normal, legitimate domain names have been excluded and for which at least one abnormal behavior has been detected. Excluding apparently normal do...

Abstract

The invention discloses a detection method for a botnet domain name family. Suspicious domain names are obtained. Based on the correlation of the suspicious domain names in different dimensions, a domain name spatio-temporal correlation graph is constructed, in which each suspicious domain name is a node, two domain names with at least one kind of correlation form an edge, and the correlation between the two domain names is the attribute value of the edge. According to a compactness index calculated for each node by graph computation, the closely related domain names in the domain name spatio-temporal correlation graph are determined, and the set of these domain names is taken as a botnet domain name family. In this application, the correlations between domain names in different dimensions are expressed uniformly in the form of a correlation graph, which gives stronger detection capability. It can also detect botnet domain name families more quickly and has wider applicability. In addition, the present application provides a detection apparatus, device and computer-readable storage medium for a botnet domain name family having the above-mentioned technical advantages.
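The graph construction described in the abstract, as an added Python sketch that is not taken from the patent. The three correlation dimensions (same querying client, same resolved IP, queries within a time window), the thresholds, and the use of component density as the compactness index are assumptions, since this page does not specify them; the DNS observations are constructed sample data.

```python
from collections import defaultdict
from itertools import combinations, product

# Constructed DNS observations: (domain, querying client, resolved IP, epoch seconds)
OBSERVATIONS = [
    ("qkdjwz.example", "10.0.0.5", "203.0.113.7", 1000),
    ("xplrtv.example", "10.0.0.5", "203.0.113.7", 1004),
    ("mzbqha.example", "10.0.0.5", "203.0.113.7", 1009),
    ("updates.example", "10.0.0.9", "198.51.100.2", 1005),
    ("cdn.example", "10.0.0.12", "198.51.100.2", 5000),
]

def build_graph(observations, window=30):
    """Edges as {frozenset({a, b}): dimensions in which a and b correlate}."""
    by_domain = defaultdict(list)
    for domain, client, ip, ts in observations:
        by_domain[domain].append((client, ip, ts))
    edges = {}
    for a, b in combinations(sorted(by_domain), 2):
        dims = set()  # edge attribute: which assumed dimensions link a and b
        for (ca, ia, ta), (cb, ib, tb) in product(by_domain[a], by_domain[b]):
            if ca == cb:
                dims.add("client")
            if ia == ib:
                dims.add("resolved_ip")
            if abs(ta - tb) <= window:
                dims.add("time")
        if dims:
            edges[frozenset((a, b))] = dims
    return edges

def families(edges, min_dims=2, min_size=3, min_density=0.8):
    """Dense components of the graph after dropping weakly correlated edges."""
    adj = defaultdict(set)
    for a, b in (tuple(p) for p, d in edges.items() if len(d) >= min_dims):
        adj[a].add(b)
        adj[b].add(a)
    result, todo = [], set(adj)
    while todo:
        comp, stack = set(), [min(todo)]
        while stack:  # depth-first walk of one connected component
            n = stack.pop()
            comp.add(n)
            stack.extend(adj[n] - comp)
        todo -= comp
        density = sum(len(adj[n] & comp) for n in comp) / (len(comp) * (len(comp) - 1))
        if len(comp) >= min_size and density >= min_density:
            result.append(sorted(comp))
    return result
```

Requiring at least two shared dimensions per edge keeps `updates.example` out of the family even though it was queried in the same time window, which is the benefit of combining dimensions rather than relying on one.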

Description

Technical field

[0001] The present invention relates to the technical field of information security, and in particular, to a method, apparatus, device and computer-readable storage medium for detecting a botnet domain name family.

Background

[0002] Botnets pose a serious threat to network security. Criminals use botnets to launch Distributed Denial of Service (DDoS) attacks, conduct malicious mining, steal information, send spam, etc., which seriously endangers the interests of countries, enterprises, organizations and individuals. It is therefore of great significance to quickly and accurately identify botnet communication and block it in time. A large number of botnets communicate with bots by sending Command and Control (C&C) information based on the DNS protocol.

[0003] The mainstream botnet domain name family detection schemes mainly include two types: detection based on grammar features and detection based on virus traffic.

[0004] The detection of botnet do...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40
CPC: H04L63/1425, H04L63/1466, H04L63/1458, H04L2463/144, H04L2463/146, H04L2101/30, H04L61/4511
Inventor: 闫凡, 赵振洋, 古亮
Owner SANGFOR TECH INC