Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DDoS malicious code detection and traceability method based on breeding

A malicious code detection and malicious code technology, applied in the field of breeding-based DDoS malicious code detection and traceability, can solve the problems of difficult malicious code association, error, failure to actively defend, etc., to achieve the effect of expanding the scope of application and improving efficiency

Active Publication Date: 2021-01-22
BEIJING RUICHI XINAN TECH
View PDF9 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The existing DDoS malicious code detection and traceability have the following problems: first, most of them are carried out around the victim of DDoS attacks, and are located downstream of the entire attack chain, making it difficult to track the main control end of the puppet machine; second, traceability of the main control end based on the victim , it is necessary to separate the attack-related traffic from the full traffic, and there are certain errors; third: it is limited to the passive discovery of DDoS attack events, it is difficult to accurately correlate information such as malicious code, DDoS conditional active defense

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS malicious code detection and traceability method based on breeding
  • DDoS malicious code detection and traceability method based on breeding

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] In order to facilitate those of ordinary skill in the art to understand and implement the present invention, the present invention will be further described in detail and in-depth below in conjunction with the accompanying drawings.

[0036] The present invention provides a breeding-based DDoS malicious code detection and traceability method, including long-term breeding of the samples to be detected under Linux; monitoring the flow changes in the breeding environment, detecting and identifying DDoS attack flow; and performing DDoS traceability on discovered attack events , to locate the main control terminal of the botnet.

[0037] like figure 1 As shown, the specific steps are as follows:

[0038] Step 1. Based on virtualization technology, use the existing DDoS malicious code or suspicious files under the Linux system as samples to be detected for long-term cultivation;

[0039] The malicious code architecture supported by breeding includes: x86_64, x86, MIPS, MIPS...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a breeding-based DDoS malicious code detection and tracing method, and relates to the technical field of network security. The method specifically comprises the steps that firstly, existing DDoS malicious codes or suspicious files under a Linux system serve as samples to be detected to be bred for a long time; constructing a Docker mirror image of the Linux system, runningthe Docker mirror image into each virtual environment of each server to form a container, successfully starting each container, storing running information into a database, and configuring a monitoring program of each container; then, putting each to-be-detected sample into a respective corresponding container, and carrying out multi-dimensional monitoring on the behavior of the to-be-detected sample by utilizing a monitoring program; and judging whether all traffic of each sample exceeds a DDoS attack traffic threshold, and if so, calling a DDoS event analysis function to cut off a discoveredDDoS attack event, comprehensively analyzing, tracking and tracing, and positioning an IP of a botnet main control end. Otherwise, the to-be-detected sample is a safe sample and is not processed. Themaster control end of the puppet machine can be effectively tracked.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a breeding-based DDoS malicious code detection and source tracing method. Background technique [0002] Distributed denial of service attack, or DDoS, is an attack method that sends abnormal requests to the target through a large-scale puppet machine, causing the target to be unable to receive and respond to normal requests due to excessive occupation of system hosts and network resources. Among them, the puppet machine is a machine remotely controlled by the attacker. The attacker often collects the puppet machine from the network by means of scanning, vulnerability exploitation, or weak password blasting, and implants malicious code in the successfully invaded server, thereby passing the C / S mode. Manipulate the puppet machine to launch DDoS attacks, or perform scanning and spreading. [0003] The existing DDoS malicious code detection and traceability have the follow...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06F21/53
CPCH04L63/1458H04L63/1416G06F21/53Y02D30/50
Inventor 杜飞尹天阳张兴睿
Owner BEIJING RUICHI XINAN TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products