首页> 外国专利> SYSTEM AND METHOD FOR MODELING ACTIVITY PATTERNS OF NETWORK TRAFFIC TO DETECT BOTNETS

SYSTEM AND METHOD FOR MODELING ACTIVITY PATTERNS OF NETWORK TRAFFIC TO DETECT BOTNETS

机译：网络流量检测僵尸网络活动模式的建模系统和方法

页面导航

摘要
著录项
相似文献

摘要

The invention relates to a system and method that can detect botnets by classifying the communication activities for each client according to destination or based on similarity between the groups of collected traffic. According to certain aspects of the invention, the communication activities for each client can be classified to model network activity by differentiating the protocols of the collected network traffic based on destination and patterning the subgroups for the respective protocols. Those servers that are estimated to be C&C servers can be classified into download and upload, spam servers and command control servers, within a botnet group detected by modeling network activity, i.e. analyzing network-based activity patterns. Also, botnet groups can be detected by way of a group information management function, for generating an activity pattern-based group matrix based on group data, and a mutual similarity analysis, performed on groups suspected to be botnets from the group information.

机译：本发明涉及一种系统和方法，该系统和方法可以通过根据目的地或基于所收集流量的组之间的相似性对每个客户端的通信活动进行分类来检测僵尸网络。根据本发明的某些方面，可以通过基于目的地区分所收集的网络流量的协议并为各个协议构图子组来对每个客户端的通信活动进行分类以对网络活动进行建模。在通过对网络活动进行建模（即分析基于网络的活动模式）而检测到的僵尸网络组内，那些估计为C＆C服务器的服务器可以分为下载和上传，垃圾邮件服务器和命令控制服务器。同样，可以通过组信息管理功能检测僵尸网络组，以基于组数据生成基于活动模式的组矩阵，并从组信息中对怀疑是僵尸网络的组执行相互相似性分析。

著录项

公开/公告号US2011153811A1

专利类型
公开/公告日2011-06-23

原文格式PDF
申请/专利权人 HYUN CHEOL JEONG;CHAE TAE IM;SEUNG GAO JI;JOO HYUNG OH;DONG WAN KANG;TAE JIN LEE;YONG GEUN WON;
展开▼

申请/专利号US20100821510
发明设计人 DONG WAN KANG;TAE JIN LEE;CHAE TAE IM;HYUN CHEOL JEONG;JOO HYUNG OH;SEUNG GAO JI;YONG GEUN WON;
展开▼

申请日2010-06-23
分类号G06F15/173;
国家 US
入库时间 2022-08-21 18:13:30

相似文献

专利
外文文献
中文文献