Abnormal equipment detection method and device, electronic equipment and storage medium

Main authors: DENG BOREN, SHI GUOSHUI, WU BO, LIU DONGXIN, WANG LAIFU
Format: Patent
Language: chi ; eng
Abstract: The invention relates to the technical field of network and information security, and provides an abnormal equipment detection method and device, electronic equipment and a storage medium. The abnormal equipment detection method comprises the following steps: analyzing domain name system (DNS) traffic in a target network to obtain DNS query information including query equipment information, DNS server information and domain name information; obtaining a DNS query log of each query device from the DNS query information according to the query device information; performing feature calculation on the DNS query log of each query device to obtain DNS query behavior features including query type features, query DNS server features, query domain name features and query frequency features of each query device; and clustering the DNS query behavior characteristics of all query devices in the target network to determine abnormal query devices according to a clustering result. According to the abnormal equipment detecti