首页>
外国专利>
Detection of botnets using command-and-control access patterns
Detection of botnets using command-and-control access patterns
展开▼
机译:使用命令和控制访问模式检测僵尸网络
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method and device for detecting botnets in a cloud-computing infrastructure are provided. The method includes gathering data feeds over a predefined detection time window to produce a detection dataset, wherein the detection dataset includes at least security events and a first set of bot-labels related to the activity of each of at least one virtual machine in the cloud-computing infrastructure during the detection time window; generating, using the detection dataset, a features vector for each of a plurality of virtual machines in the cloud-computing infrastructure, wherein the features vector is based on idiosyncratic (iSync) scores related to botnet activity; transmitting each generated features vector to a supervised machine learning decision model to generate a label indicating if each of the plurality of virtual machines is a bot based on the respective features vector; and determining each virtual machine labeled as a bot as being part of a botnet.
展开▼