CN108769034B - A method and device for real-time online monitoring of the IP address of a remote-control Trojan control end - Google Patents
A method and device for real-time online monitoring of the IP address of a remote-control Trojan control end
- Publication number
- CN108769034B (application CN201810561442.1A)
- Authority
- CN
- China
- Prior art keywords
- access request
- address
- dns access
- malicious
- domain name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810561442.1A CN108769034B (zh) | 2018-06-01 | 2018-06-01 | A method and device for real-time online monitoring of the IP address of a remote-control Trojan control end |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810561442.1A CN108769034B (zh) | 2018-06-01 | 2018-06-01 | A method and device for real-time online monitoring of the IP address of a remote-control Trojan control end |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108769034A CN108769034A (zh) | 2018-11-06 |
CN108769034B true CN108769034B (zh) | 2021-02-26 |
Family
ID=64002314
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810561442.1A Active CN108769034B (zh) | 2018-06-01 | 2018-06-01 | A method and device for real-time online monitoring of the IP address of a remote-control Trojan control end |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108769034B (zh) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109274676B (zh) * | 2018-10-07 | 2020-12-11 | 杭州安恒信息技术股份有限公司 | Method, *** and storage device for obtaining a Trojan control-end IP address based on self-learning |
CN110233831A (zh) * | 2019-05-21 | 2019-09-13 | 深圳壹账通智能科技有限公司 | Malicious registration detection method and device |
CN111030979A (zh) * | 2019-06-20 | 2020-04-17 | 哈尔滨安天科技集团股份有限公司 | Malicious domain name detection method, device and storage device |
CN110300193B (zh) * | 2019-07-01 | 2021-07-06 | 北京微步在线科技有限公司 | Method and device for obtaining entity domain names |
CN111212039A (zh) * | 2019-12-23 | 2020-05-29 | 杭州安恒信息技术股份有限公司 | Host mining behaviour detection method based on DNS traffic |
CN112640392B (zh) * | 2020-11-20 | 2022-05-13 | 华为技术有限公司 | Trojan detection method, device and equipment |
CN113992442B (zh) * | 2021-12-28 | 2022-03-18 | 北京微步在线科技有限公司 | Method and device for detecting a successful Trojan connection |
CN116016479A (zh) * | 2022-12-05 | 2023-04-25 | 北京天融信网络安全技术有限公司 | Server control method and device, electronic equipment and computer-readable storage medium |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102202064B (zh) * | 2011-06-13 | 2013-09-25 | 刘胜利 | Trojan communication behaviour feature extraction method based on network data flow analysis |
US9088606B2 (en) * | 2012-07-05 | 2015-07-21 | Tenable Network Security, Inc. | System and method for strategic anti-malware monitoring |
CN105024969B (zh) * | 2014-04-17 | 2018-04-03 | 北京启明星辰信息安全技术有限公司 | Method and device for malicious domain name identification |
US9363269B2 (en) * | 2014-07-30 | 2016-06-07 | Zscaler, Inc. | Zero day threat detection based on fast flux detection and aggregation |
CN105187393B (zh) * | 2015-08-10 | 2018-05-22 | 济南大学 | Mobile terminal malware network behaviour reconstruction method and *** thereof |
CN106101088B (zh) * | 2016-06-04 | 2019-05-24 | 北京兰云科技有限公司 | Cleaning device, detection device, routing device and method for preventing DNS attacks |
CN107592312B (zh) * | 2017-09-18 | 2021-04-30 | 济南互信软件有限公司 | Malware detection method based on network traffic |
- 2018-06-01: CN CN201810561442.1A patent CN108769034B (zh), status active
Also Published As
Publication number | Publication date |
---|---|
CN108769034A (zh) | 2018-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108769034B (zh) | A method and device for real-time online monitoring of the IP address of a remote-control Trojan control end | |
US9860278B2 (en) | Log analyzing device, information processing method, and program | |
CN111010409B (zh) | Encrypted attack network traffic detection method | |
US8578493B1 (en) | Botnet beacon detection | |
US8516573B1 (en) | Method and apparatus for port scan detection in a network | |
US7752665B1 (en) | Detecting probes and scans over high-bandwidth, long-term, incomplete network traffic information using limited memory | |
CN109474575B (zh) | DNS tunnel detection method and device | |
CN103795709B (zh) | Network security detection method and *** | |
JP5264470B2 (ja) | Attack determination device and program | |
TW201703465A (zh) | Network anomaly detection technology | |
US7805762B2 (en) | Method and system for reducing the false alarm rate of network intrusion detection systems | |
CN110636085A (zh) | Traffic-based attack detection method and device, and computer-readable storage medium | |
CN104135474B (zh) | Network anomalous behaviour detection method based on host in-degree and out-degree | |
CN110855717B (zh) | IoT device protection method, device and *** | |
EP3242240B1 (en) | Malicious communication pattern extraction device, malicious communication pattern extraction system, malicious communication pattern extraction method and malicious communication pattern extraction program | |
CN108737385A (zh) | Malicious domain name matching method based on DNS-to-IP mapping | |
CN106921671B (zh) | Network attack detection method and device | |
CN104486320B (zh) | Intranet sensitive information leakage forensics *** and method based on honeynet technology | |
KR102244036B1 (ko) | Method for classifying network assets using network flow data, and method for detecting threats to network assets classified by that method | |
CN107666464B (zh) | Information processing method and server | |
CN105959294B (zh) | Malicious domain name identification method and device | |
CN113472772A (zh) | Network attack detection method and device, electronic equipment and storage medium | |
CN106790073B (zh) | Method and device for blocking malicious attacks on a Web server, and firewall | |
CN110830487A (zh) | Method and device for identifying abnormal states of IoT terminals, and electronic equipment | |
CN113783880A (zh) | Network security detection *** and network security detection method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | | Address after: No. 188, Lianhui Street, Xixing Street, Binjiang District, Hangzhou City, Zhejiang Province; Applicant after: Hangzhou Anheng Information Technology Co.,Ltd.; Address before: 310000, 15th floor, Zhejiang Zhongcai Building, No. 68 Tonghe Road, Binjiang District, Hangzhou City, Zhejiang Province; Applicant before: Hangzhou Anheng Information Technology Co.,Ltd. |
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | | Application publication date: 20181106; Assignee: Hangzhou Anheng Information Security Technology Co., Ltd; Assignor: Hangzhou Anheng Information Technology Co.,Ltd.; Contract record no.: X2021330000118; Denomination of invention: A method and device for real-time online monitoring IP address of remote control Trojan horse control end; Granted publication date: 20210226; License type: Common License; Record date: 20210823 |