SYSTEM AND METHOD FOR BOTNET DETECTION BASED ON SIGNATURE USING NETWORK TRAFFIC ANALYSIS
Format | Patent |
---|---|
Language | English, Korean |
Published | 18.06.2012 |
Summary: | PURPOSE: A signature-based botnet detection system and method thereof are provided to effectively detect communication objects of traffic by matching patterns for the collected traffic. CONSTITUTION: A traffic collecting engine filters and collects the traffic of a botnet detection target network. A group analysis engine groups the traffic according to destination by using IP (Internet Protocol) traffic information. A DNS (Domain Name Service) analysis engine detects fast-flux and abnormal DNS by using DNS traffic information. A lightweight detecting engine detects a botnet by matching a low traffic pattern with a botnet communication pattern by using low traffic information. |
---|---|
Bibliography: | Application Number: KR20100134957 |