
Botnet detection method based on DNS (Domain Name System) flow characteristics

A botnet detection method, applied in the field of botnet detection based on DNS traffic characteristics, that addresses the problems of existing methods: test data that does not represent the real characteristics of traffic, a small amount of data, and no testing on real network traffic.

Active Publication Date: 2016-08-24
宁波知微瑞驰信息科技有限公司

AI Technical Summary

Problems solved by technology

[0011] In recent years, foreign researchers have proposed a new technique for detecting botnets: DNS data flow analysis and detection. Most current botnet detection methods based on DNS data flow are validated on simulated botnets and are not tested in real network traffic. In addition, the amount of data these methods use in testing is relatively small and cannot represent the real characteristics of the traffic in an actual network.

Examples

Embodiment Construction

[0055] The botnet detection method based on DNS traffic characteristics of the present invention will be described in detail below in conjunction with the embodiments and the accompanying drawings.

[0056] The botnet detection method based on DNS flow characteristics of the present invention includes a Domain-Flux botnet detection method and a Fast-Flux botnet detection method based on DNS flow characteristics.

[0057] As shown in Figure 1, the Domain-Flux botnet detection method based on DNS traffic characteristics of the present invention comprises the following steps:

[0058] 1) Read the domain names: read the legal domain names and extract the legal main domain names, read the illegal domain names generated by the DGA algorithm and extract the illegal main domain names, then combine the legal main domain names and the illegal main domain names to form a target set;

[0059] 2) Process the obtained target set, extract the length of each domain name after proce...

Abstract

The invention discloses a botnet detection method based on DNS (Domain Name System) flow characteristics. The method of the invention comprises a Domain-Flux botnet detection method based on DNS flow characteristics. The method comprises steps: legal main domain names and illegal main domain names are combined to form a target set; a domain name whose length is larger than 6 is extracted and processed as a research target; the domain name entropy, word formation characteristics, phonetic characteristics and grouped characteristics are calculated respectively; and the above is put in a random forest classifier to obtain a training model. A Fast-Flux botnet detection method based on the Domain-Flux botnet detection method comprises steps: the original data of a DNS server are processed; the training model obtained before is used for evaluating a to-be-processed domain name, and a score for a DGA condition is acquired; a white list, a black list and a grey list are used for scoring the domain name and an IP; time characteristics of the IP address are calculated; the stability of the IP address is calculated; and the above is put in the random forest classifier to obtain a training model SFF. The experiment accuracy is high.
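A sketch of the Domain-Flux feature-extraction stage summarized in the abstract, as an added example and not the patent's own code. The page does not define the word-formation, phonetic or grouped features, so `vowel_ratio`, `digit_ratio` and `max_consonant_run` are assumed stand-ins; the suffix list and the sample domains are constructed.

```python
import math
from collections import Counter

VOWELS = set("aeiou")
# Assumption: a tiny multi-label suffix list; real code should use the Public Suffix List.
MULTI_SUFFIXES = {"co.uk", "com.cn", "org.uk"}

def main_domain(fqdn):
    """Return the registrable label, e.g. 'mail.example.co.uk' -> 'example'."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return ""
    two = len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_SUFFIXES
    return labels[-3] if two else labels[-2]

def shannon_entropy(s):
    """Character-level Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def longest_consonant_run(s):
    """Longest run of consecutive consonant letters; digits and vowels reset it."""
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def features(fqdn, min_len=6):
    """Feature row for one name, or None when the main domain is not longer than 6."""
    name = main_domain(fqdn)
    if len(name) <= min_len:
        return None
    n = len(name)
    return {
        "length": n,
        "entropy": round(shannon_entropy(name), 3),
        "vowel_ratio": round(sum(ch in VOWELS for ch in name) / n, 3),   # assumed phonetic feature
        "digit_ratio": round(sum(ch.isdigit() for ch in name) / n, 3),   # assumed word-formation feature
        "max_consonant_run": longest_consonant_run(name),                # assumed word-formation feature
    }

# Constructed target set: (domain, label) with 0 = legal, 1 = DGA-generated.
SAMPLES = [("www.wikipedia.org", 0), ("mail.example.co.uk", 0),
           ("xk7qz2vbn9tw4jrd.com", 1), ("bbc.com", 0)]

def build_rows(samples=SAMPLES):
    """Labelled feature rows, i.e. the input a random forest classifier would be trained on."""
    rows = [(features(d), y) for d, y in samples]
    return [(f, y) for f, y in rows if f is not None]
```

Grouped characteristics are left out because the page gives no definition for them; `bbc.com` is dropped by the length filter, so three of the four constructed samples yield rows.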

Description

Technical field

[0001] The invention relates to a DNS domain name technology and a machine learning system classification algorithm. In particular, it relates to a botnet detection method based on DNS traffic characteristics.

Background technique

[0002] Among the current domain name generation technologies, there are mainly:

[0003] (1) Domain-Flux technology: Domain-Flux refers to the behavior of continuously changing and assigning multiple domain names to one or more IPs.

[0004] (2) Fast-Flux technology: There are two types of this technology: Single-Flux domain name technology and Double-Flux domain name technology.

[0005] The Single-Flux domain name technology can be compared to the Tor network. In the botnet based on the Single-Flux domain name technology, each zombie host is a redirection node, so that the optimal addressing process can be realized based on the redirection of different zombie hosts, on the one hand to avoid the impact of a single node on th...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1408, H04L2463/144
Inventor: 喻梅李鑫于健王建荣赵越雷霆
Owner: 宁波知微瑞驰信息科技有限公司