Patent · US Active

Method and apparatus for detecting compromised host computers

US8533819B2 · kind B2 · utility

Cited by: 14
References: 0
Claims: 13
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 29, 2006
Grant date: Sep 10, 2013
Priority date
Expiry date: Mar 17, 2029

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/144
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method and apparatus for detecting compromised host computers (e.g., Bots) are disclosed. For example, the method identifies a plurality of suspicious hosts. Once identified, the method analyzes network traffic of the plurality of suspicious hosts to identify a plurality of suspicious hub-servers. The method then classifies the plurality of candidate Bots into at least one group. The method then identifies members of each of the at least one group that are connected to a same controller from the plurality of suspicious controllers, where the members are identified to be part of a Botnet.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.