摘要 |
<p>A method is disclosed for distributed detection of botnets via a plurality of sensors on a network. According to embodiments, DNS information, including domain names and addresses, is received at a sensor, the number of unique subnets corresponding to a domain name is determined and an alert is sent to other sensors when the number of unique subnets exceeds a first threshold. Other embodiments are also disclosed.</p> |