Distributed systems and methods for automatically detecting unknown bots and botnets
US9430646B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | Mar 14, 2013 |
| Grant date | Aug 30, 2016 |
| Priority date | — |
| Expiry date | Jul 11, 2033 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/57
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Techniques may automatically detect bots or botnets running in a computer or other digital device by detecting command-and-control communications, called “callbacks,” from malicious code that has previously gained entry into the digital device. Callbacks are detected using a distributed approach employing one or more local analyzers and a central analyzer. The local analyzers capture packets of outbound communications, generate header signatures, and analyze the captured packets using various techniques, which may include packet header signature matching against verified callback signatures and deep packet inspection. The central analyzer receives the header signatures and related header information from the local analyzers, may perform further analysis (for example, on-line host reputation analysis), determines using a heuristics analysis whether the signatures correspond to callbacks, and generally coordinates among the local analyzers.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.