
HTTP botnet detection method and system based on network data flow

A botnet and data flow technology, applied in digital transmission systems, transmission systems, data exchange networks, etc. It addresses problems such as security measures lagging behind information technology, a high false negative rate, and bots that go undetected, and achieves universal type judgment, low false alarm and false negative rates, and high detection efficiency.

Active Publication Date: 2016-03-30
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0007] (3) Security measures often lag behind the application of the corresponding new information technologies. For this reason, many hackers exploit loopholes in new technologies to build botnet communication channels and control servers.
These systems are often unable to detect "broilers" (compromised hosts) in a "quiet" state (command and control communications without malicious attacks), resulting in a high false negative rate.

Embodiment Construction

[0049] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below through specific embodiments in conjunction with the accompanying drawings. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0050] Figure 1 is a flowchart of an HTTP botnet detection method based on network data flow according to an embodiment of the present invention. In a nutshell, the method mainly includes: step 1), extracting all HTTP packets from the network data flow in units of HTTP sessions; step 2), performing cluster analysis on each HTTP session, so that different HTTP sessions are assigned to the corresponding clusters according to the clustering results; step 3), performing botnet determination for each HTTP session.

[0051] Referring to Figure 1, more specifically, in step 1, filter ...
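The three steps above, sketched as an added example (not code from the patent or its authors). The flow records, the four session features, the greedy similarity grouping that stands in for X-means, and the two-host decision rule are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_s, client_ip, server_host, uri, response_bytes).
RECORDS = (
    [(60.0 * i + 1, "10.0.0.5", "cc.example.test", "/gate", 200) for i in range(5)]
    + [(60.0 * i + 7, "10.0.0.8", "cc.example.test", "/gate", 204) for i in range(5)]
    + [(t, "10.0.0.9", "news.example.test", u, s) for t, u, s in
       [(3, "/", 5200), (4, "/a.css", 800), (40, "/story", 9100), (200, "/img", 30000)]]
)

def http_sessions(records):
    """Step 1: group requests into sessions keyed by (client, server)."""
    out = defaultdict(list)
    for ts, client, server, uri, size in sorted(records):
        out[(client, server)].append((ts, uri, size))
    return out

def features(reqs):
    """Assumed feature vector: mean gap, gap jitter, mean response size, distinct URIs."""
    ts = [r[0] for r in reqs]
    gaps = [b - a for a, b in zip(ts, ts[1:])] or [0.0]
    return (mean(gaps), pstdev(gaps), mean(r[2] for r in reqs), len({r[1] for r in reqs}))

def similar(a, b, tol=0.15):
    """True when every feature differs by at most tol (relative, floor of 1.0)."""
    return all(abs(x - y) <= tol * max(abs(x), abs(y), 1.0) for x, y in zip(a, b))

def cluster(sessions):
    """Step 2 stand-in: greedy similarity grouping (the patent names X-means)."""
    clusters = []
    for key, reqs in sessions.items():
        vec = features(reqs)
        for c in clusters:
            if similar(vec, c["centre"]):
                c["members"].append(key)
                break
        else:
            clusters.append({"centre": vec, "members": [key]})
    return clusters

def suspects(records, min_hosts=2):
    """Step 3 (assumed rule): flag hosts whose sessions share a cluster with other hosts."""
    flagged = set()
    for c in cluster(http_sessions(records)):
        clients = {client for client, _server in c["members"]}
        if len(clients) >= min_hosts:
            flagged |= clients
    return sorted(flagged)

if __name__ == "__main__":
    print(suspects(RECORDS))
```

A single polling host is not flagged under this rule, since the decision depends on several hosts showing the same communication pattern.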


Abstract

The invention provides a method, based on network data flow, that is capable of detecting unknown HTTP (Hypertext Transfer Protocol) botnets. The method includes extracting the HTTP communication data streams of hosts, judging bot hosts by an X-means clustering method combined with network communication feature similarity, and classifying the types of the bot hosts. The method has the advantages that unknown HTTP botnets can be detected and potential bot hosts in assigned networks can be found in a timely manner; clustering and detection efficiency can be improved, and the method has a low false positive rate and a low false negative rate.

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to an HTTP botnet detection method.

Background technique

[0002] In recent years, with the popularization of computers and the rapid development of the Internet industry, the Internet has become an indispensable part of people's lives. However, due to the general lack of security awareness among netizens and various loopholes in computer operating systems and application software, more and more computers have quietly become "broilers" (compromised hosts) in botnets, and have become pawns for others' illegal and criminal activities such as stealing private data, attacking network resources, and illegal profiteering.

[0003] A botnet is a kind of "universal computing platform constructed by invading several non-cooperative user terminals in cyberspace, which can be remotely controlled by attackers". Among them, "non-cooperation" means that the user terminal is not aware of the intrusion; "attac...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26
Inventor: 李可, 刘潮歌, 崔翔, 王帅
Owner: INST OF COMPUTING TECH CHINESE ACAD OF SCI