SYSTEM AND METHOD FOR BOTNET DETECTION BASED ON SIGNATURE USING NETWORK TRAFFIC ANALYSIS

Bibliographic Details
Main Authors: JEONG, HYUN CHEOL; JI, SEUNG GOO; IM, CHAE TAE; KANG, DONG WAN; OH, JOO HYUNG
Format: Patent
Language: English, Korean
Published: 18.06.2012
Summary: PURPOSE: A signature-based botnet detection system and method thereof are provided to effectively detect communication objects of traffic by matching patterns for the collected traffic. CONSTITUTION: A traffic collecting engine filters and collects the traffic of a botnet detection target network. A group analysis engine groups the traffic according to destination by using IP (Internet Protocol) traffic information. A DNS (Domain Name Service) analysis engine detects fast-flux and abnormal DNS by using DNS traffic information. A lightweight detecting engine detects botnets by matching a low traffic pattern with a botnet communication pattern by using low traffic information.
Bibliography: Application Number: KR20100134957