Abstract
A command control channel detection device comprises: a session log collection unit for collecting log information of sessions generated between at least one communication device of a first network and at least one communication device of a second network; an analysis unit for generating inspection data for each session on the basis of the log information and calculating an inspection data distribution on the basis of the inspection data of the sessions; and a determination unit for extracting an inspection data value corresponding to abnormal distribution in the inspection data distribution on the basis of abnormal distribution determination criteria and estimating sessions associated with the extracted inspection data value as a command control channel.
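The three units described above (log collection, analysis, determination), as an added Python example that is not taken from the patent. Assumptions made here and not stated in the abstract: the log line format, the choice of bytes sent per session as the inspection data, and a median/MAD outlier test on how often each value occurs as the abnormal distribution criterion; all function names and the sample log are constructed.

```python
from collections import Counter
from statistics import median

def constructed_log():
    """Constructed sample (not real traffic): 'epoch src dst dport bytes_out'."""
    lines = []
    for i in range(40):   # varied background sessions, all sizes distinct
        lines.append(f"{1700000000 + i * 37} 10.0.0.{10 + i % 5} "
                     f"198.51.100.{1 + i % 9} 443 {500 + i * i * 7 % 4000}")
    for i in range(12):   # one host repeating an identical small request
        lines.append(f"{1700000000 + i * 60} 10.0.0.23 203.0.113.7 443 312")
    lines.append("truncated line")   # malformed entry, must be skipped
    return "\n".join(lines)

def parse_sessions(text):
    """Session log collection: one dict per well-formed log line."""
    sessions = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[0].isdigit() and parts[3].isdigit()
                                   and parts[4].isdigit()):
            continue
        sessions.append({"ts": int(parts[0]), "src": parts[1], "dst": parts[2],
                         "dport": int(parts[3]), "bytes_out": int(parts[4])})
    return sessions

def inspection_value(session):
    # Assumption: the inspection data is the number of bytes sent in the session.
    return session["bytes_out"]

def abnormal_values(distribution, k=5.0, min_count=5):
    """Assumed criterion: a value is abnormal if its session count is a
    median/MAD outlier among all counts and occurs at least min_count times."""
    if not distribution:
        return set()
    counts = list(distribution.values())
    med = median(counts)
    mad = median(abs(c - med) for c in counts) or 1.0   # avoid division by zero
    return {v for v, c in distribution.items()
            if c >= min_count and (c - med) / mad > k}

def detect_c2(sessions, k=5.0, min_count=5):
    """Return the sessions whose inspection value falls in the abnormal part
    of the distribution, i.e. the suspected command-and-control channel."""
    values = [inspection_value(s) for s in sessions]
    flagged = abnormal_values(Counter(values), k, min_count)
    return [s for s, v in zip(sessions, values) if v in flagged]

if __name__ == "__main__":
    for s in detect_c2(parse_sessions(constructed_log())):
        print(s["ts"], s["src"], "->", s["dst"], s["bytes_out"])
```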