    • 9. Invention application
    • SYSTEM AND METHOD FOR MODELING ACTIVITY PATTERNS OF NETWORK TRAFFIC TO DETECT BOTNETS
    • US20110153811A1
    • 2011-06-23
    • US12821510
    • 2010-06-23
    • Hyun Cheol Jeong; Chae Tae IM; Seung Gao Ji; Joo Hyung Oh; Dong Wan Kang; Tae Jin Lee; Yong Geun Won
    • Hyun Cheol Jeong; Chae Tae IM; Seung Gao Ji; Joo Hyung Oh; Dong Wan Kang; Tae Jin Lee; Yong Geun Won
    • G06F15/173
    • H04L63/14; H04L2463/144
    • The invention relates to a system and method that can detect botnets by classifying the communication activities for each client according to destination or based on similarity between the groups of collected traffic. According to certain aspects of the invention, the communication activities for each client can be classified to model network activity by differentiating the protocols of the collected network traffic based on destination and patterning the subgroups for the respective protocols. Those servers that are estimated to be C&C servers can be classified into download and upload, spam servers and command control servers, within a botnet group detected by modeling network activity, i.e. analyzing network-based activity patterns. Also, botnet groups can be detected by way of a group information management function, for generating an activity pattern-based group matrix based on group data, and a mutual similarity analysis, performed on groups suspected to be botnets from the group information.