摘要 |
<p>A botnet inspection method and system are disclosed in the network communication security field. The method includes the following steps: receiving a communication message from the network to be tested; picking up botnet message information of the communication message according to the communication message; picking up bot host IP and controller IP according to the botnet message information; inquiring about the account numbers corresponding to the bot host IP and the controller IP according to the picked bot host IP and the controller IP. The system comprises the following parts: network probe, monitoring and analysis center, and authentication server. The botnet inspection method inspects the botnet in real time, and can also respond to the botnet in real time, thereby solves the problem in prior art about the unavailability of realtime detection and response caused by the ex post analysis, avoids the harm caused by the botnet, and makes the network communications more secure.</p> |