Title of invention: FIREWALL BASED BOTNET DETECTION
Abstract: A computer detects malicious intrusions (or bots) into a computer. The computer receives firewall log data that includes communication records containing the source and destination of the communication, as well as the time of the communication. The source or destination of the communication may be on a list of suspicious servers known to contain malicious software. The computer identifies a sequence of communications between a common source address and a common destination address. The computer further identifies substantially fixed intervals between the communications, and generates an alert indicating a suspected bot intrusion. The computer also identifies, from the sequence of communications, patterns in the communication intervals, similarly generating an alert indicating a suspected bot intrusion.
Application publication number: US2014344912(A1) Publication date: 2014.11.20
Application number: US201313897519 Filing date: 2013.05.20
Applicant: International Business Machines Corporation Inventors: Chapman, II Daniel E.;Givental Gary I.;Kuhn John D.;Suzio Michael J.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method for detecting malicious intrusions into a computer, the method comprising: identifying, by one or more processors, a sequence of communications between a common source address and a common destination address through a firewall for the computer, and respective times of the communications; and determining, by one or more processors, that the communications occur at substantially fixed intervals, and based at least in part on the determination, generating an alert indicating a suspected bot intrusion.
Address: Armonk NY US
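
The fixed-interval check described in the abstract can be sketched as follows. This is an added example, not code from the patent or from IBM. The log line layout, the function names, the `min_events` and `max_cv` thresholds, and the use of the coefficient of variation as the measure of "substantially fixed" are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: ISO timestamp, source, destination, firewall action.
SAMPLE_LOG = """\
2013-05-20T10:00:00 10.0.0.5 203.0.113.7 ALLOW
2013-05-20T10:00:41 10.0.0.8 198.51.100.20 ALLOW
2013-05-20T10:05:01 10.0.0.5 203.0.113.7 ALLOW
2013-05-20T10:07:13 10.0.0.8 198.51.100.20 ALLOW
2013-05-20T10:09:59 10.0.0.5 203.0.113.7 ALLOW
2013-05-20T10:10:02 10.0.0.8 198.51.100.20 ALLOW
2013-05-20T10:12:30 10.0.0.8 198.51.100.20 ALLOW
2013-05-20T10:15:00 10.0.0.5 203.0.113.7 ALLOW
2013-05-20T10:20:01 10.0.0.5 203.0.113.7 ALLOW
2013-05-20T10:31:50 10.0.0.8 198.51.100.20 ALLOW
not a firewall record
"""

def parse(log_text):
    """Yield (time, src, dst) for each well-formed record; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_beacons(log_text, min_events=5, max_cv=0.05, watchlist=frozenset()):
    """Alert on src/dst pairs whose inter-arrival gaps are nearly constant."""
    times = defaultdict(list)
    for ts, src, dst in parse(log_text):
        times[(src, dst)].append(ts)
    alerts = []
    for (src, dst), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue  # too few samples to call the spacing regular
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:  # low spread relative to the mean: fixed interval
            alerts.append({"src": src, "dst": dst, "period_s": round(avg),
                           "listed": src in watchlist or dst in watchlist})
    return alerts
```

Legitimate software such as update checkers and NTP clients also polls on a fixed schedule, so the `listed` flag (a match against the suspicious-server list the abstract mentions) is a useful way to prioritise the resulting alerts.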