Botnet attack C&C server tracing method based on deep learning

Bibliographic details
Main authors: SHEN QI, XIAO CHUNYI, LI ZIXUAN, WANG YONGLIN, LI BAIXUAN, BACH, CHEN SHAOQIN, HUANG XUELONG, ZHANG YUNCHUN, GE XUEQING
Format: Patent
Language: chi; eng
Description
Summary: The invention discloses a Botnet attack C&C server traceability method based on deep learning. The method comprises the following steps: step 1, data set preprocessing and feature extraction; step 2, using a fused LSTM + CNN model trained on the extracted features to identify command and control (C&C) session data, and separating the heartbeat data packets from that session data according to the tracking relation between heartbeat (HeartBeat) messages and the C&C server; and step 3, extracting data from the heartbeat data packets and using it as input for constructing a graph convolutional neural network (GCN), through which the Botnet hosts are traced. This addresses the problem in the prior art that traditional detection methods cannot obtain an ideal detection result because the data has complex dynamic characteristics, instability and the like, and the accuracy of detecting and tracing the attac