Patent · US Active

Machine learning based botnet detection using real-time connectivity graph based traffic features

US8762298B1 · kind B1 · utility

Cited by: 242
References: 0
Claims: 15
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 5, 2011
Grant date: Jun 24, 2014
Priority date
Expiry date: Jun 2, 2032

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/144
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method for identifying a botnet in a network. Historical network data is analyzed using a pre-determined heuristic to determine values of a connectivity graph based feature in that data. A ground truth data set is obtained whose labels, assigned to data units in the historical network data, identify known malicious nodes in the network. The historical network data and the ground truth data set are then analyzed using a machine learning algorithm to generate a model representing the labels as a function of the values of the connectivity graph based feature. Real-time network data is analyzed using the same pre-determined heuristic to determine a value of the connectivity graph based feature for a data unit in the real-time data; a label is assigned to that data unit by applying the model to the feature value, and the data unit is categorized as associated with the botnet based on the label.
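The pipeline the abstract describes (heuristic feature extraction over a connectivity graph, ground-truth labels for historical nodes, a trained model, then labelling of real-time data), as an added worked example that is not the patent's own code and does not reproduce its claims. The flow records, host addresses, the three graph features, and the logistic-regression model are all constructed assumptions chosen to illustrate the steps.

```python
"""Added example of the abstract's pipeline on constructed flow data.
Not code from the patent; heuristic, model and addresses are assumptions."""
import math
from collections import defaultdict

# Constructed historical flows as (src, dst) pairs. Three benign hosts talk to the
# same three shared services; two known bots share one C2 and each fan out to 12
# targets that nobody else contacts (scan-like behaviour).
HISTORICAL_FLOWS = []
for host in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
    HISTORICAL_FLOWS += [(host, "10.0.0.53"), (host, "203.0.113.10"), (host, "203.0.113.20")]
for i, bot in enumerate(("10.0.0.7", "10.0.0.8")):
    HISTORICAL_FLOWS.append((bot, "198.51.100.5"))                           # assumed C2
    HISTORICAL_FLOWS += [(bot, f"10.0.1.{i * 20 + k}") for k in range(12)]  # scan targets

# Ground truth for the historical window (constructed): 1 = known bot, 0 = benign.
GROUND_TRUTH = {"10.0.0.1": 0, "10.0.0.2": 0, "10.0.0.3": 0, "10.0.0.7": 1, "10.0.0.8": 1}

# Constructed "real-time" window: a returning benign host, a new benign host, and a
# previously unseen host behaving like the labelled bots.
REALTIME_FLOWS = [(h, d) for h in ("10.0.0.2", "10.0.0.4")
                  for d in ("10.0.0.53", "203.0.113.10", "203.0.113.20")]
REALTIME_FLOWS += [("10.0.0.9", "198.51.100.5")] + [("10.0.0.9", f"10.0.2.{k}") for k in range(12)]


def graph_features(flows):
    """Pre-determined heuristic: per-source features of the window's connectivity graph.

    Returns {src: [distinct_dst, lone_dst, shared_dst]}, where lone_dst counts the
    destinations no other source in the window contacts and shared_dst counts the
    destinations at least one other source also contacts.
    """
    out_edges = defaultdict(set)  # src -> {dst}
    in_edges = defaultdict(set)   # dst -> {src}
    for src, dst in flows:
        out_edges[src].add(dst)
        in_edges[dst].add(src)
    features = {}
    for src, dsts in out_edges.items():
        lone = sum(1 for d in dsts if len(in_edges[d]) == 1)
        features[src] = [float(len(dsts)), float(lone), float(len(dsts) - lone)]
    return features


class LogisticModel:
    """Minimal logistic regression: batch gradient descent on standardized features."""

    def __init__(self, lr=0.5, epochs=2000):
        self.lr, self.epochs = lr, epochs

    @staticmethod
    def _sigmoid(x):
        if x >= 0:  # branch keeps math.exp from overflowing for large |x|
            return 1.0 / (1.0 + math.exp(-x))
        e = math.exp(x)
        return e / (1.0 + e)

    def _scale(self, row):
        return [(v - m) / s for v, m, s in zip(row, self.mean, self.std)]

    def fit(self, X, y):
        n, d = len(X), len(X[0])
        self.mean = [sum(r[j] for r in X) / n for j in range(d)]
        self.std = [max(math.sqrt(sum((r[j] - self.mean[j]) ** 2 for r in X) / n), 1e-9)
                    for j in range(d)]  # floor avoids division by zero on constant features
        Z = [self._scale(r) for r in X]
        self.w, self.b = [0.0] * d, 0.0
        for _ in range(self.epochs):
            grad_w, grad_b = [0.0] * d, 0.0
            for z, label in zip(Z, y):
                err = self._sigmoid(sum(wj * zj for wj, zj in zip(self.w, z)) + self.b) - label
                for j in range(d):
                    grad_w[j] += err * z[j]
                grad_b += err
            self.w = [wj - self.lr * g / n for wj, g in zip(self.w, grad_w)]
            self.b -= self.lr * grad_b / n
        return self

    def score(self, row):
        z = self._scale(row)
        return self._sigmoid(sum(wj * zj for wj, zj in zip(self.w, z)) + self.b)

    def predict(self, row):
        return 1 if self.score(row) >= 0.5 else 0


def detect_botnet(historical_flows, ground_truth, realtime_flows):
    """Train on the labelled historical nodes, then label every source in the real-time window."""
    hist = graph_features(historical_flows)
    nodes = [n for n in hist if n in ground_truth]  # nodes without a label do not train
    model = LogisticModel().fit([hist[n] for n in nodes], [ground_truth[n] for n in nodes])
    return {n: model.predict(f) for n, f in graph_features(realtime_flows).items()}


if __name__ == "__main__":
    for node, label in sorted(detect_botnet(HISTORICAL_FLOWS, GROUND_TRUTH, REALTIME_FLOWS).items()):
        print(node, "bot" if label else "benign")
```

Two caveats a practitioner would check before trusting this shape of detector: the features are computed per window, so a NAT gateway or an authorized vulnerability scanner has the same high fan-out profile as a bot and will be labelled whatever the ground truth says about such hosts; and five labelled training nodes only separate this constructed data, so the model's decision boundary is meaningless until it is fitted on a representative labelled history.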

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.