Abstract |
<p>PURPOSE: A cyber threat prediction device and method are provided to predict extensive attacks on a global network by treating a botnet as a sign of cyber threats. CONSTITUTION: A DNS (Domain Name System) based C&C (Computer and Communications) server detecting unit (210) analyzes DNS traffic to extract a domain address suspected of being a C&C server. A network based abnormal detecting unit (220) analyzes network traffic to detect zombie PC (Personal Computer) information and the IP address of the zombie PC. A cyber threat prediction unit (230) predicts cyber threat situations based on the zombie PC information. The network based abnormal detecting unit is installed in an international gate network. The DNS based C&C server detecting unit analyzes the DNS traffic based on an N-tier server, traffic characteristics, and a domain address. [Reference numerals] (210) DNS based C&C server detecting unit; (220) Network based abnormal detecting unit; (230) Cyber threat prediction unit; (AA) DNS server farm; (BB) International gate network</p> |