Method for estimating the scale of malicious code infected hosts based on dns cache detection

A malicious code and host technology, applied in the field of network communication security, can solve problems affecting data integrity, security risks, privacy protection, etc., and achieve the effect of easy deployment and implementation, and strong practicability

Active Publication Date: 2016-02-24
XI AN JIAOTONG UNIV
View PDF1 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this approach faces privacy protection issues
On the one hand, users do not cooperate with the deployment of this type of client because they are unwilling to be monitored, which greatly affects the integrity of the data; on the other hand, this host-side monitoring method may be used as a backdoor program, causing serious security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for estimating the scale of malicious code infected hosts based on dns cache detection
  • Method for estimating the scale of malicious code infected hosts based on dns cache detection
  • Method for estimating the scale of malicious code infected hosts based on dns cache detection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] The technical solution of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0015] see figure 1 As shown, the system architecture for estimating the scale of malicious code-infected hosts in specific regions based on DNS cache detection (such as geographic regions, countries, provinces, cities, etc.) mainly includes a DNS resolver search module, a DNS detection module, and a malicious code-infected host scale estimation module.

[0016] In the following, the principles and processes of each module are introduced in detail.

[0017] Such as figure 2 As shown, the DNS resolver search module uses the following steps to search for a DNS resolver that can be used as a probe within a specific area.

[0018] (1) Register a DNS domain, and register the domain name d under the DNS domain. Domain name d is not

[0019] Public domain name, that is, existing web applications cannot request this domain name.

[0020] (2) S...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for estimating the scale of a host infected by a malicious code based on DNS cache detection. The method comprises the steps that DNS parsers within the range of a specific region are detected, cache information of malicious domain names in the DNS parsers is collected, a Bayesian forecasting filter model is constructed based on the information, and the scale of the host infected by the malicious code in a corresponding network domain is estimated. According to a system, the problems existing in a traditional monitoring method such as privacy protection and network authorization are effectively solved.

Description

technical field [0001] The invention relates to the field of network communication security, in particular to a method for estimating the scale of hosts infected by malicious codes. Background technique [0002] Infecting hosts with malicious code has become an important link in the hacker industry chain, and has attracted widespread attention from the news media, the security industry, and academic institutions. Accurately and effectively obtaining the scale of malware-infected hosts is of great significance for in-depth analysis and research on its propagation mechanism and the degree of damage to the Internet. Unfortunately, although such valuable information is necessary for early prevention and situation assessment of malicious code-infected hosts, network administrators are often reluctant to disclose the infection of malicious code-infected hosts in their networks due to certain factors. In order to understand the infection situation of hosts infected by malicious co...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
Inventor 陶敬李剑锋马小博管晓宏周文瑜周天邹孙颖胡文君
Owner XI AN JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap