CandC domain name analysis-based botnet detection method, device, apparatus and medium
US11374897B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 18, 2018 |
| Grant date | Jun 28, 2022 |
| Priority date | — |
| Expiry date | Jul 18, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/144
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
The invention provides a command-and-control (C&C) domain name analysis-based botnet detection method, device, apparatus and medium. The method includes an information acquisition step where DNS logs are acquired; a domain name analysis step where C&C domain names in the DNS logs are detected and the category of each C&C domain name is determined according to a pre-built domain name analyzer; a botnet determination step where whether a botnet exists is determined according to the C&C domain name and the category of C&C domain name. In the C&C domain name analysis-based botnet detection method, device, apparatus and medium provided by the present invention, by analyzing the domain name system (DNS) logs, the C&C domain name used in the attack activity is extracted for further analysis of the types of parasitic Trojans to thereby lock down the bot that the C&C server has controlled. In addition, the botnet activity trend can be analyzed by analyzing the Poisson parameter of each type of the C&C domain name, so as to form effective suppression measures in time.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.