Method and apparatus for detecting compromised host computers

Invention Grant

US08533819B2 Method and apparatus for detecting compromised host computers 有权

Title translation: 用于检测受损主机的方法和装置

Please log in to see more content

Patent Title: Method and apparatus for detecting compromised host computers
Patent Title (中): 用于检测受损主机的方法和装置
Application No.: US11540827

Application Date: 2006-09-29
Publication No.: US08533819B2

Publication Date: 2013-09-10
Inventor: David A. Hoeflin , Anestis Karasaridis , Carl Brian Rexroad
Applicant: David A. Hoeflin , Anestis Karasaridis , Carl Brian Rexroad
Applicant Address: US GA Atlanta
Assignee: AT&T Intellectual Property II, L.P.
Current Assignee: AT&T Intellectual Property II, L.P.
Current Assignee Address: US GA Atlanta
Main IPC: H04L29/06
IPC: H04L29/06

Abstract:

A method and apparatus for detecting compromised host computers (e.g., Bots) are disclosed. For example, the method identifies a plurality of suspicious hosts. Once identified, the method analyzes network traffic of the plurality suspicious hosts to identify a plurality suspicious hub-servers. The method then classifies the plurality of candidate Bots into at least one group. The method then identifies members of each of the at least one group that are connected to a same controller from the plurality suspicious controllers, where the members are identified to be part of a Botnet.

Abstract(Chinese):

公开了一种用于检测受损主机（例如，Bots）的方法和装置。例如，该方法识别多个可疑主机。一旦识别，该方法分析多个可疑主机的网络流量，以识别多个可疑集线器服务器。然后，该方法将多个候选机器分类为至少一个组。该方法然后从多个可疑控制器中识别连接到同一控制器的至少一个组中的每一个的成员，其中成员被识别为僵尸网络的一部分。

Public/Granted literature

US20080080518A1 Method and apparatus for detecting compromised host computers Public/Granted day:2008-04-03

Information query

Espacenet