Botnet attack CC server tracing method based on deep learning

The invention discloses a Botnet attack C&C server traceability method based on deep learning. The method comprises the following steps: step 1, data set preprocessing and feature extraction; step 2, through a fused LSTM + CNN training model, identifying a command and control (C&C) session by using the extracted...

Bibliographic details
Main authors: SHEN QI, XIAO CHUNYI, LI ZIXUAN, WANG YONGLIN, LI BAIXUAN, BACH, CHEN SHAOQIN, HUANG XUELONG, ZHANG YUNCHUN, GE XUEQING
Format: Patent
Language: chi ; eng
creator SHEN QI
XIAO CHUNYI
LI ZIXUAN
WANG YONGLIN
LI BAIXUAN
BACH
CHEN SHAOQIN
HUANG XUELONG
ZHANG YUNCHUN
GE XUEQING
description The invention discloses a Botnet attack C&C server traceability method based on deep learning. The method comprises the following steps: step 1, data set preprocessing and feature extraction; step 2, through a fused LSTM + CNN training model, identifying a command and control (C&C) session by using the extracted features; the C&C session data part is processed according to the tracking relation between the heartbeat (HeartBeat) message and the C&C server, and a heartbeat data packet is separated; and step 3, carrying out data extraction on the heartbeat data packet, taking it as input data for constructing a graph convolutional neural network (GCN), and realizing traceability of the Botnet hosts through the GCN. This solves the prior-art problem that, because the data has complex dynamic characteristics, instability and the like, a traditional detection method cannot obtain an ideal detection result, and the accuracy of detecting and tracing the attac
format Patent
language chi ; eng
recordid cdi_epo_espacenet_CN116389144A
source esp@cenet
subjects CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
title Botnet attack CC server tracing method based on deep learning
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-18T00%3A56%3A08IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=SHEN%20QI&rft.date=2023-07-04&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ECN116389144A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true