C&C DOMAIN NAME ANALYSIS-BASED BOTNET DETECTION METHOD, DEVICE, APPARATUS AND MEDIUM
Abstract
The present invention provides a C&C domain name analysis-based botnet detection method, device, apparatus and medium. The method comprises an information acquisition step: obtaining a DNS log record; a domain name analysis step: detecting C&C domain names in the DNS log record according to a pre-built domain name analyzer, and determining the category to which each C&C domain name belongs; and a botnet determination step: determining whether a botnet is present according to the C&C domain names and the categories to which they belong. By analyzing domain name system log records, the method, device, apparatus and medium extract the C&C domain names used for attack activity, and thereby analyze the type of parasitic Trojan horse and pinpoint the zombie hosts controlled by a C&C server. In addition, the Poisson parameters occurring in the analysis of each type of C&C domain name are used to analyze botnet activity trends, so that effective suppression measures can be developed in a timely manner.