Invention Grant
- Patent Title: Method and apparatus for detecting compromised host computers
- Patent Title (中): 用于检测受损主机的方法和装置
-
Application No.: US11540827Application Date: 2006-09-29
-
Publication No.: US08533819B2Publication Date: 2013-09-10
- Inventor: David A. Hoeflin , Anestis Karasaridis , Carl Brian Rexroad
- Applicant: David A. Hoeflin , Anestis Karasaridis , Carl Brian Rexroad
- Applicant Address: US GA Atlanta
- Assignee: AT&T Intellectual Property II, L.P.
- Current Assignee: AT&T Intellectual Property II, L.P.
- Current Assignee Address: US GA Atlanta
- Main IPC: H04L29/06
- IPC: H04L29/06

Abstract:
A method and apparatus for detecting compromised host computers (e.g., Bots) are disclosed. For example, the method identifies a plurality of suspicious hosts. Once identified, the method analyzes network traffic of the plurality suspicious hosts to identify a plurality suspicious hub-servers. The method then classifies the plurality of candidate Bots into at least one group. The method then identifies members of each of the at least one group that are connected to a same controller from the plurality suspicious controllers, where the members are identified to be part of a Botnet.
Public/Granted literature
- US20080080518A1 Method and apparatus for detecting compromised host computers Public/Granted day:2008-04-03
Information query