Botnet behavior pattern analysis system and method

摘要

PURPOSE: A system and a method for spamming botnet by analyzing a botnet behavior pattern are provided to minimize the damage caused by botnets through the sensing of initial behavior of a certain botnet depending on a behavior pattern. CONSTITUTION: An extraction unit(101) extracts log information from e-mail low data, and a vector generator(102) generates a vector through the data grouping of the same log information. A filtering unit(103) filters the vector corresponding to preset exceptional conditions, and an integrating unit(104) clusters the vectors of similar transmission pattern through the analysis of a transmission pattern based on a KL_Divergence value. The integration unit integrates vectors in the clusters finally connected to each other.