Invention Grant
- Patent Title: Command and control channel detection with query string signature
- Application No.: US13250928
- Application Date: 2011-09-30
- Publication No.: US08561188B1
- Publication Date: 2013-10-15
- Inventor: Jui Pang Wang, Ming-Tai Chang, Jui-Chieh Wu
- Applicant: Jui Pang Wang, Ming-Tai Chang, Jui-Chieh Wu
- Applicant Address: JP Tokyo
- Assignee: Trend Micro, Inc.
- Current Assignee: Trend Micro, Inc.
- Current Assignee Address: JP Tokyo
- Agency: Beyer Law Group LLP
- Main IPC: G06F21/00
- IPC: G06F21/00

Abstract:
Detection and prevention of botnet behavior is accomplished by monitoring access requests in a network. Each request includes a domain of content to access and a path of content to access, and each path includes a file name and query string. Once obtained, the query strings for each of these requests are normalized. A signature is then created for each of the normalized query strings. The obtained requests can then be grouped by signature. Once the requests have been grouped by signature, each grouping is examined to identify suspicious signatures based on common botnet behavior. Suspicious requests are used in back-end and front-end defenses against botnets.
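
The pipeline the abstract describes (normalize, sign, group, examine), as an added example that is not code from the patent or from Trend Micro. The abstract does not say how query strings are normalized or which botnet behaviors mark a group as suspicious, so the value-class tokens, the truncated SHA-256 signature and the `min_domains` threshold are assumptions, and the sample requests are constructed.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample requests (not from the patent); all hosts are placeholders.
SAMPLE_REQUESTS = [
    "http://alpha.example/gate.php?id=9f3a1c77&ver=12&os=winxp",
    "http://bravo.example/in.php?id=00b4e2d1&ver=12&os=win7",
    "http://charlie.example/x/gate.php?id=c0ffee12&ver=13&os=winxp",
    "http://shop.example/search?q=shoes&page=2",
    "http://shop.example/search?q=boots&page=10",
]
# Assumed value classes, tried in order: empty, decimal, hex, any other string.
KINDS = [("E", r""), ("D", r"[0-9]+"), ("H", r"[0-9a-fA-F]+"), ("S", r".*")]

def normalize_query(query):
    """Keep parameter names and order; replace each value with its class token."""
    tokens = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        kind = next(k for k, pat in KINDS if re.fullmatch(pat, value, re.S))
        tokens.append(f"{name}={kind}")
    return "&".join(tokens)

def signature(normalized):
    """Fixed-length signature of a normalized query string."""
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()[:16]

def group_by_signature(urls):
    """Map signature -> [normalized query, set of domains requested with it]."""
    groups = defaultdict(lambda: ["", set()])
    for url in urls:
        parts = urlsplit(url)
        if not parts.query or not parts.hostname:
            continue  # no query string or no host: nothing to sign
        normalized = normalize_query(parts.query)
        entry = groups[signature(normalized)]
        entry[0] = normalized
        entry[1].add(parts.hostname)
    return groups

def find_suspicious(urls, min_domains=3):
    """Assumed heuristic: one query template requested on many distinct domains."""
    hits = [(sig, norm, sorted(domains))
            for sig, (norm, domains) in group_by_signature(urls).items()
            if len(domains) >= min_domains]
    return sorted(hits)
```

On the sample data, the three check-in style requests share one signature across three domains even though their file names and parameter values differ, while the two search requests collapse into a single-domain group that stays below the threshold.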