Botnet detection method and system based on behavior similarity analysis

A botnet detection technology based on similarity analysis, applied in transmission systems, electrical components, etc. It addresses the problems of complex deployment, poor timeliness, and poor detection efficiency, and achieves a wide detection range, fast detection, and high detection efficiency.

Inactive Publication Date: 2021-08-17
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +1
7 Cites, 2 Cited by
AI Technical Summary

Problems solved by technology

[0014] Detection technology based on log correlation is an offline detection method, and its timeliness is relatively poor.

[0015] In addition to the four commonly used botnet detection technologies mentioned above, there are some other detection methods, but they also have technical defects. For example, detection technology based on the DNS protocol can only detect through DNS information, and its detection efficiency is relatively poor; detection technology based on honeypots and honeynets is very complicated to deploy, and it can only detect one botnet or one type of botnet.

Examples

Embodiment Construction

[0069] To further explain the technical means adopted by the present invention to achieve its intended purpose, and their effects, the specific implementation, methods, steps, structures, features and effects of the botnet detection method and system based on behavior similarity analysis proposed according to the present invention are described in detail below, in conjunction with the accompanying drawings and preferred embodiments.

[0070] Referring to Figure 1, Figure 2, Figure 3 and Figure 4, a botnet detection method based on behavior similarity analysis according to a preferred embodiment of the present invention, as shown in Figure 1, mainly includes the following steps:

[0071] Step 1: Deploy network traffic monitoring and collection equipment at the monitored network exit node, and direct the traffic of the exit node to the network traffic monitoring and collection equipment through traffic mirroring technology;

[0072] Step 2: The network tr...

Abstract

The invention relates to a botnet detection method based on behavior similarity analysis, and the method comprises the steps: monitoring and collecting the flow data in a network at a network exit node, and carrying out the network flow analysis and host behavior analysis of the collected flow data based on a big data technology; and through adoption of a group behavior similarity cross correlation calculation method, calculating a group of host nodes belonging to the same botnet. The system for realizing the method comprises a network flow acquisition module, a data packet generation and analysis processing module, a network flow storage module, a network flow analysis module, a host behavior analysis module, a group behavior similarity correlation calculation module, a comprehensive configuration management module, a system operation state monitoring module and a big data storage platform. According to the invention, real-time detection can be realized, the accuracy of the detection effect is ensured, the detection is simple, the detection efficiency is high, the detection speed is high, the detection range is wide and the timeliness is good.
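
The grouping step described in the abstract, as an added example that is not the patent's own code: the page does not give the similarity formula, so this sketch assumes Jaccard similarity over each host's set of (destination, port, time bucket) events and groups hosts whose pairwise similarity meets a threshold. The flow records, the threshold and all function names are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed flow records: (source host, destination IP, destination port, time bucket).
# Addresses come from documentation ranges; none of this is data from the patent.
FLOWS = [
    ("10.0.0.5", "203.0.113.7", 6667, 0), ("10.0.0.5", "203.0.113.7", 6667, 10),
    ("10.0.0.5", "198.51.100.9", 80, 11),
    ("10.0.0.8", "203.0.113.7", 6667, 0), ("10.0.0.8", "203.0.113.7", 6667, 10),
    ("10.0.0.8", "198.51.100.9", 80, 11),
    ("10.0.0.9", "203.0.113.7", 6667, 0), ("10.0.0.9", "198.51.100.9", 80, 11),
    ("10.0.0.20", "192.0.2.44", 443, 3), ("10.0.0.20", "192.0.2.45", 443, 7),
    ("10.0.0.21", "192.0.2.44", 443, 25),
]

def profiles(flows):
    """Host behaviour profile: the set of (dst, port, time bucket) events per host."""
    prof = defaultdict(set)
    for src, dst, port, bucket in flows:
        prof[src].add((dst, port, bucket))
    return prof

def jaccard(a, b):
    """Assumed similarity measure: |a & b| / |a | b|, 0.0 for two empty sets."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def similar_groups(flows, threshold=0.6, min_size=2):
    """Link hosts whose profiles are similar, then return the linked groups."""
    prof = profiles(flows)
    parent = {h: h for h in prof}          # union-find over hosts

    def find(h):
        while parent[h] != h:
            parent[h] = parent[parent[h]]  # path halving
            h = parent[h]
        return h

    for a, b in combinations(sorted(prof), 2):
        if jaccard(prof[a], prof[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = defaultdict(set)
    for h in prof:
        groups[find(h)].add(h)
    # Hosts with no similar peer are not reported as a group.
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_size)

if __name__ == "__main__":
    print(similar_groups(FLOWS))
```

Raising the threshold trades recall for precision: at 0.7 the host that missed one check-in drops out of the group.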

Description

Technical field

[0001] The invention relates to a botnet detection technology in the field of network security management, in particular to a botnet detection method and system based on behavior similarity analysis.

Background technique

[0002] At present, the commonly used botnet detection technology is mainly judged by detecting network traffic or detecting whether the host node behavior is abnormal. According to its implementation principle, it can be roughly divided into the following four types:

[0003] (1) Detection technology based on network traffic content

[0004] This detection technology needs to manually analyze the characteristics of the network traffic content to form a known botnet feature library, and then match it with the network traffic content to determine whether there are known botnets in the network.

[0005] (2) Detection technology based on network traffic behavior

[0006] This detection technology is based on the characteristics of time correl...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1425, H04L63/1441, H04L67/1095, H04L69/22
Inventor: 孟艳青姚力刘玲张榜李鹏超尚程何文杰张振涛阿曼太梁彧蔡琳杨满智王杰田野金红陈晓光
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT