ENRICHING NETFLOW DATA WITH PASSIVE DNS DATA FOR BOTNET DETECTION
Abstract
In one example, a system includes a processor, memory, and a botnet detection application stored in memory and executed by the processor and configured to: obtain (i) Netflow data indicating one or more IP addresses accessed by a computer and (ii) passive Domain Name System (DNS) data indicating respective one or more domains associated with each of the one or more IP addresses; generate features associated with the computer based on the Netflow data and passive DNS data; generate probability data based on the Netflow data and passive DNS data, wherein the probability data indicates a probability that the computer accessed the one or more domains; assign weights to the features based on the probability data to provide weighted features; and determine whether the computer is likely to be part of a botnet based on the weighted features.
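The data flow in the abstract, sketched as an added example that is not taken from the patent: each flow's destination IP is expanded to its passive DNS domains, and each domain feature is weighted by the probability that the computer actually accessed that domain. The uniform 1/n probability, the vowel-less-label feature, the per-flow averaging, the 0.5 threshold and all sample records are assumptions made for illustration; the abstract does not specify them.

```python
from collections import defaultdict

# Constructed sample data: NetFlow-style records (source host, destination IP).
FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10"},
    {"src": "10.0.0.5", "dst": "203.0.113.20"},
    {"src": "10.0.0.9", "dst": "203.0.113.30"},
]
# Constructed passive DNS view: destination IP -> domains seen resolving to it.
PDNS = {
    "203.0.113.10": ["xkqzvbtw.example"],
    "203.0.113.20": ["qpwjzrtn.example", "shop.example"],
    "203.0.113.30": ["news.example", "mail.example",
                     "media.example", "jqxzvkpw.example"],
}


def domain_feature(domain):
    """Assumed feature: 1.0 if the first label has no vowels (crude DGA-like signal)."""
    label = domain.split(".")[0]
    return 0.0 if any(c in "aeiou" for c in label) else 1.0


def host_scores(flows, pdns):
    """Average probability-weighted feature per source host."""
    total, count = defaultdict(float), defaultdict(int)
    for flow in flows:
        domains = pdns.get(flow["dst"])
        if not domains:  # no passive DNS record: this flow cannot be enriched
            continue
        # Assumption: NetFlow shows only the IP, so each co-hosted domain is
        # treated as equally likely to be the one the computer accessed.
        p = 1.0 / len(domains)
        total[flow["src"]] += sum(p * domain_feature(d) for d in domains)
        count[flow["src"]] += 1
    return {host: total[host] / count[host] for host in count}


def likely_bots(flows, pdns, threshold=0.5):
    """Hosts whose weighted score reaches the assumed threshold."""
    scores = host_scores(flows, pdns)
    return sorted(h for h, s in scores.items() if s >= threshold)


if __name__ == "__main__":
    print(host_scores(FLOWS, PDNS))
    print(likely_bots(FLOWS, PDNS))
```

Host 10.0.0.9 reaches an IP that also serves one suspicious-looking domain, but the 1/4 access probability keeps its score below the threshold, which is the false-positive case the weighting is meant to dampen.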