Invention Grant
US08307459B2 Botnet early detection using hybrid hidden markov model algorithm
In force
- Patent Title: Botnet early detection using hybrid hidden markov model algorithm
- Application No.: US12726272
- Application Date: 2010-03-17
- Publication No.: US08307459B2
- Publication Date: 2012-11-06
- Inventor: Hahn-Ming Lee, Ching-Hao Mao, Yu-Jie Chen, Yi-Hsun Wang, Jerome Yeh, Tsu-Han Chen
- Applicant: Hahn-Ming Lee, Ching-Hao Mao, Yu-Jie Chen, Yi-Hsun Wang, Jerome Yeh, Tsu-Han Chen
- Applicant Address: TW Taipei
- Assignee: National Taiwan University of Science and Technology
- Current Assignee: National Taiwan University of Science and Technology
- Current Assignee Address: TW Taipei
- Priority: TW98122517A 20090703
- Main IPC: G06F7/04
- IPC: G06F7/04; G06F11/00

Abstract:
A botnet detection system is provided. A bursty feature extractor receives an Internet Relay Chat (IRC) packet value from a detection object network, and determines a bursty feature accordingly. A Hybrid Hidden Markov Model (HHMM) parameter estimator determines probability parameters for a Hybrid Hidden Markov Model according to the bursty feature. A traffic profile generator establishes a probability sequential model for the Hybrid Hidden Markov Model according to the probability parameters and pre-defined network traffic categories. A dubious state detector determines a traffic state corresponding to a network relaying the IRC packet in response to reception of a new IRC packet, determines whether the IRC packet flow of the object network is dubious by applying the bursty feature to the probability sequential model for the Hybrid Hidden Markov Model, and generates a warning signal when the IRC packet flow is regarded as having a dubious traffic state.
Public/Granted literature
- US20110004936A1 BOTNET EARLY DETECTION USING HYBRID HIDDEN MARKOV MODEL ALGORITHM, Public/Granted day: 2011-01-06