KR100663546B1 - Malicious bot response method and system - Google Patents
- Publication number
- KR100663546B1
- Authority
- KR
- South Korea
- Prior art keywords
- response
- abnormal
- dns
- dns query
- address
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/144—Detection or countermeasures against botnets
Claims (9)
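- A malicious bot response method comprising: a first process of detecting a domain for which excessive DNS queries are generated by malicious-bot-infected PCs; a second process of analyzing the domain detected in the first process and classifying and registering it as a normal or abnormal management target; and a third process of responding by redirecting abnormal DNS queries for the abnormal management target to a redirection-processing response system for responding to abnormal DNS queries.
- The method of claim 1, wherein the first process collects DNS query packets and detects whether queries for a specific domain exceed a preset threshold.
- The method of claim 1, wherein the third process comprises: a first step of changing the destination address of the abnormal DNS query to the redirection-processing response system; a second step of generating, in the redirection-processing response system, a response to the redirected abnormal DNS query; and a third step of transmitting the generated response to the malicious-bot-infected PC.
- The method of claim 3, wherein the response generated in the second step has the same source IP address as a response generated for a normal DNS query.
- The method of claim 3, wherein the response generated in the second step carries one of a loopback address preset by the network administrator and the address of a system for intrusion luring and malicious bot characteristic analysis.
- A malicious bot response system comprising: a redirection processing system that analyzes domains receiving excessive DNS queries, registers them as normal or abnormal management targets, and redirects abnormal DNS queries registered as abnormal management targets to a redirection-processing response system; and the redirection-processing response system, which generates responses to the abnormal DNS queries.
- The system of claim 6, wherein the redirection processing system redirects the abnormal DNS query by changing its destination address to the address of the redirection-processing response system.
- The system of claim 6, wherein the redirection-processing response system generates the response to the abnormal DNS query with the same source IP address as a response generated for a normal DNS query.
- The system of claim 6, wherein the redirection-processing response system generates, as the response to the abnormal DNS query, one of a loopback address preset by the network administrator and the address of a system for intrusion luring and malicious bot characteristic analysis.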
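The three processes of claims 1 to 5 (threshold detection, normal/abnormal registration, redirected response), sketched as an added Python example that is not part of the patent text. The threshold, the allowlist used for classification, all addresses and the sample capture are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

THRESHOLD = 3                        # assumed queries per domain per capture window
KNOWN_NORMAL = {"www.example.com"}   # assumed analyst allowlist for the classification step
SINKHOLE_ADDR = "127.0.0.1"          # loopback answer, one of the two options in claim 5
RESPONDER_IP = "192.0.2.53"          # assumed address of the redirection-processing response system
RESOLVER_IP = "198.51.100.53"        # assumed address of the resolver the clients query


def build_query(txid, name):
    """Build a one-question A/IN query; used only to construct the sample capture."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", 1, 1))


def parse_question(packet):
    """Return (txid, flags, qname, qtype, question_end) for a one-question DNS query."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(packet):
            raise ValueError("compressed or truncated label")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    return txid, flags, ".".join(labels), qtype, pos + 4


def detect_excessive(packets):
    """First process: domains whose query count in the window exceeds the threshold."""
    counts = Counter(parse_question(p["payload"])[2] for p in packets)
    return {domain for domain, n in counts.items() if n > THRESHOLD}


def classify(domains):
    """Second process: register each detected domain as normal or abnormal."""
    return {d: ("normal" if d in KNOWN_NORMAL else "abnormal") for d in domains}


def sinkhole_response(query):
    """Answer an A query with the sinkhole address; other types get an empty NOERROR."""
    txid, qflags, _, qtype, qend = parse_question(query)
    flags = 0x8080 | (qflags & 0x0100)          # QR=1, RA=1, RD echoed from the query
    answer = b""
    if qtype == 1:
        # Name pointer to offset 12 (the question), TYPE A, CLASS IN, TTL 60, RDLENGTH 4.
        answer = (struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
                  + ipaddress.IPv4Address(SINKHOLE_ADDR).packed)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer else 0, 0, 0)
    return header + query[12:qend] + answer


def handle(packet, registry):
    """Third process: redirect queries for abnormal domains, forward everything else."""
    qname = parse_question(packet["payload"])[2]
    if registry.get(qname) != "abnormal":
        return {"action": "forward", "dst": packet["dst"]}
    # Step 1: the destination is rewritten to the response system. Steps 2 and 3: the
    # reply goes back to the client with the source address it expects (claim 4).
    reply = {"src": packet["dst"], "dst": packet["src"],
             "payload": sinkhole_response(packet["payload"])}
    return {"action": "sinkhole", "redirected_to": RESPONDER_IP, "reply": reply}


def _pkt(src, txid, name):
    return {"src": src, "dst": RESOLVER_IP, "payload": build_query(txid, name)}


# Constructed capture: 5 bot queries, 5 queries for a busy legitimate site, 1 ordinary query.
SAMPLE = ([_pkt(f"10.0.0.{i}", 0x1000 + i, "c2.bot.example") for i in range(1, 6)]
          + [_pkt(f"10.0.1.{i}", 0x2000 + i, "www.example.com") for i in range(1, 6)]
          + [_pkt("10.0.2.9", 0x3000, "mail.example.org")])

if __name__ == "__main__":
    registry = classify(detect_excessive(SAMPLE))
    for pkt in SAMPLE:
        print(pkt["src"], parse_question(pkt["payload"])[2], handle(pkt, registry)["action"])
```

A busy legitimate domain crosses the same threshold as the bot domain, which is why the registration step sits between detection and redirection.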
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020050061559A KR100663546B1 (ko) | 2005-07-08 | 2005-07-08 | Malicious bot response method and system |
PCT/KR2006/002512 WO2007007960A1 (en) | 2005-07-08 | 2006-06-28 | A malignant bot confrontation method and its system |
EP06769087.5A EP1902375B1 (en) | 2005-07-08 | 2006-06-28 | A malignant bot confrontation method and its system |
US11/971,118 US8112804B2 (en) | 2005-07-08 | 2008-01-08 | Malignant BOT confrontation method and its system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020050061559A KR100663546B1 (ko) | 2005-07-08 | 2005-07-08 | Malicious bot response method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
KR100663546B1 (ko) | 2007-01-02 |
Family
ID=37637305
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020050061559A KR100663546B1 (ko) | 2005-07-08 | 2005-07-08 | 악성 봇 대응 방법 및 그 시스템 |
Country Status (4)
Country | Link |
---|---|
US (1) | US8112804B2 (ko) |
EP (1) | EP1902375B1 (ko) |
KR (1) | KR100663546B1 (ko) |
WO (1) | WO2007007960A1 (ko) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
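KR101070614B1 (ko) * | 2009-12-18 | 2011-10-10 | 한국인터넷진흥원 | Malicious traffic isolation system using botnet information and malicious traffic isolation method using botnet information |
KR101069341B1 (ko) * | 2009-12-24 | 2011-10-10 | (주)디넷 | Apparatus for preventing generation of distributed denial-of-service attacks |
KR101088867B1 (ko) * | 2010-05-12 | 2011-12-06 | (주)한드림넷 | Network switch and security notification method of the network switch |
KR101144332B1 (ko) * | 2011-12-01 | 2012-05-11 | 주식회사 프라이머리넷 | Network traffic processing system |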
Families Citing this family (160)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8566928B2 (en) * | 2005-10-27 | 2013-10-22 | Georgia Tech Research Corporation | Method and system for detecting and responding to attacking networks |
US8028090B2 (en) | 2008-11-17 | 2011-09-27 | Amazon Technologies, Inc. | Request routing utilizing client location information |
US7991910B2 (en) | 2008-11-17 | 2011-08-02 | Amazon Technologies, Inc. | Updating routing information based on client location |
US8156243B2 (en) | 2008-03-31 | 2012-04-10 | Amazon Technologies, Inc. | Request routing |
US8321568B2 (en) | 2008-03-31 | 2012-11-27 | Amazon Technologies, Inc. | Content management |
US7970820B1 (en) | 2008-03-31 | 2011-06-28 | Amazon Technologies, Inc. | Locality based content distribution |
US7962597B2 (en) | 2008-03-31 | 2011-06-14 | Amazon Technologies, Inc. | Request routing based on class |
US8601090B1 (en) | 2008-03-31 | 2013-12-03 | Amazon Technologies, Inc. | Network resource identification |
US8447831B1 (en) | 2008-03-31 | 2013-05-21 | Amazon Technologies, Inc. | Incentive driven content delivery |
US8533293B1 (en) | 2008-03-31 | 2013-09-10 | Amazon Technologies, Inc. | Client side cache management |
US8606996B2 (en) | 2008-03-31 | 2013-12-10 | Amazon Technologies, Inc. | Cache optimization |
US7925782B2 (en) | 2008-06-30 | 2011-04-12 | Amazon Technologies, Inc. | Request routing using network computing components |
US9407681B1 (en) | 2010-09-28 | 2016-08-02 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US9912740B2 (en) | 2008-06-30 | 2018-03-06 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US10027688B2 (en) * | 2008-08-11 | 2018-07-17 | Damballa, Inc. | Method and system for detecting malicious and/or botnet-related domain names |
US20100071065A1 (en) * | 2008-09-18 | 2010-03-18 | Alcatel Lucent | Infiltration of malware communications |
US8316124B1 (en) | 2008-09-29 | 2012-11-20 | Amazon Technologies, Inc. | Managing network data display |
US8122124B1 (en) | 2008-09-29 | 2012-02-21 | Amazon Technologies, Inc. | Monitoring performance and operation of data exchanges |
US7865594B1 (en) | 2008-09-29 | 2011-01-04 | Amazon Technologies, Inc. | Managing resources consolidation configurations |
US8286176B1 (en) | 2008-09-29 | 2012-10-09 | Amazon Technologies, Inc. | Optimizing resource configurations |
US8117306B1 (en) | 2008-09-29 | 2012-02-14 | Amazon Technologies, Inc. | Optimizing content management |
US7930393B1 (en) | 2008-09-29 | 2011-04-19 | Amazon Technologies, Inc. | Monitoring domain allocation performance |
US8806632B2 (en) * | 2008-11-17 | 2014-08-12 | Solarwinds Worldwide, Llc | Systems, methods, and devices for detecting security vulnerabilities in IP networks |
US8060616B1 (en) | 2008-11-17 | 2011-11-15 | Amazon Technologies, Inc. | Managing CDN registration by a storage provider |
US8065417B1 (en) | 2008-11-17 | 2011-11-22 | Amazon Technologies, Inc. | Service provider registration by a content broker |
US8732309B1 (en) | 2008-11-17 | 2014-05-20 | Amazon Technologies, Inc. | Request routing utilizing cost information |
US20100125663A1 (en) * | 2008-11-17 | 2010-05-20 | Donovan John J | Systems, methods, and devices for detecting security vulnerabilities in ip networks |
US8521880B1 (en) | 2008-11-17 | 2013-08-27 | Amazon Technologies, Inc. | Managing content delivery network service providers |
US8122098B1 (en) | 2008-11-17 | 2012-02-21 | Amazon Technologies, Inc. | Managing content delivery network service providers by a content broker |
US8073940B1 (en) | 2008-11-17 | 2011-12-06 | Amazon Technologies, Inc. | Managing content delivery network service providers |
US7917618B1 (en) | 2009-03-24 | 2011-03-29 | Amazon Technologies, Inc. | Monitoring web site content |
US8521851B1 (en) | 2009-03-27 | 2013-08-27 | Amazon Technologies, Inc. | DNS query processing using resource identifiers specifying an application broker |
US8756341B1 (en) | 2009-03-27 | 2014-06-17 | Amazon Technologies, Inc. | Request routing utilizing popularity information |
US8688837B1 (en) | 2009-03-27 | 2014-04-01 | Amazon Technologies, Inc. | Dynamically translating resource identifiers for request routing using popularity information |
US8412823B1 (en) | 2009-03-27 | 2013-04-02 | Amazon Technologies, Inc. | Managing tracking information entries in resource cache components |
US8732296B1 (en) * | 2009-05-06 | 2014-05-20 | Mcafee, Inc. | System, method, and computer program product for redirecting IRC traffic identified utilizing a port-independent algorithm and controlling IRC based malware |
US8782236B1 (en) | 2009-06-16 | 2014-07-15 | Amazon Technologies, Inc. | Managing resources using resource expiration data |
US8397073B1 (en) | 2009-09-04 | 2013-03-12 | Amazon Technologies, Inc. | Managing secure content in a content delivery network |
US8255453B2 (en) * | 2009-09-14 | 2012-08-28 | International Business Machines Corporation | Public BOT management in private networks |
CN102035809B (zh) * | 2009-09-29 | 2013-04-24 | 成都市华为赛门铁克科技有限公司 | Cache poisoning protection method, protection device and protection system |
US8433771B1 (en) | 2009-10-02 | 2013-04-30 | Amazon Technologies, Inc. | Distribution network with forward resource propagation |
CN102045214B (zh) * | 2009-10-20 | 2013-06-26 | 成都市华为赛门铁克科技有限公司 | Botnet detection method, apparatus and system |
US8331371B2 (en) | 2009-12-17 | 2012-12-11 | Amazon Technologies, Inc. | Distributed routing architecture |
US8331370B2 (en) | 2009-12-17 | 2012-12-11 | Amazon Technologies, Inc. | Distributed routing architecture |
US8578497B2 (en) | 2010-01-06 | 2013-11-05 | Damballa, Inc. | Method and system for detecting malware |
US8826438B2 (en) | 2010-01-19 | 2014-09-02 | Damballa, Inc. | Method and system for network-based detecting of malware from behavioral clustering |
US9495338B1 (en) | 2010-01-28 | 2016-11-15 | Amazon Technologies, Inc. | Content distribution network |
US9053320B2 (en) | 2010-04-20 | 2015-06-09 | Verisign, Inc | Method of and apparatus for identifying requestors of machine-generated requests to resolve a textual identifier |
US9058381B2 (en) | 2010-04-20 | 2015-06-16 | Verisign, Inc. | Method of and apparatus for identifying machine-generated textual identifiers |
KR101109669B1 (ko) * | 2010-04-28 | 2012-02-08 | 한국전자통신연구원 | Virtual server and method for zombie identification, and sinkhole server and method for integrated management of zombie information based on the virtual server |
EP2569711A4 (en) * | 2010-05-13 | 2017-03-15 | VeriSign, Inc. | Systems and methods for identifying malicious domains using internet-wide dns lookup patterns |
US8260914B1 (en) * | 2010-06-22 | 2012-09-04 | Narus, Inc. | Detecting DNS fast-flux anomalies |
US20120011590A1 (en) * | 2010-07-12 | 2012-01-12 | John Joseph Donovan | Systems, methods and devices for providing situational awareness, mitigation, risk analysis of assets, applications and infrastructure in the internet and cloud |
US9516058B2 (en) | 2010-08-10 | 2016-12-06 | Damballa, Inc. | Method and system for determining whether domain names are legitimate or malicious |
US8756272B1 (en) | 2010-08-26 | 2014-06-17 | Amazon Technologies, Inc. | Processing encoded content |
US8924528B1 (en) | 2010-09-28 | 2014-12-30 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US8819283B2 (en) | 2010-09-28 | 2014-08-26 | Amazon Technologies, Inc. | Request routing in a networked environment |
US8577992B1 (en) | 2010-09-28 | 2013-11-05 | Amazon Technologies, Inc. | Request routing management based on network components |
US10097398B1 (en) | 2010-09-28 | 2018-10-09 | Amazon Technologies, Inc. | Point of presence management in request routing |
US8938526B1 (en) | 2010-09-28 | 2015-01-20 | Amazon Technologies, Inc. | Request routing management based on network components |
US10958501B1 (en) | 2010-09-28 | 2021-03-23 | Amazon Technologies, Inc. | Request routing information based on client IP groupings |
US8468247B1 (en) | 2010-09-28 | 2013-06-18 | Amazon Technologies, Inc. | Point of presence management in request routing |
US8930513B1 (en) | 2010-09-28 | 2015-01-06 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US9712484B1 (en) | 2010-09-28 | 2017-07-18 | Amazon Technologies, Inc. | Managing request routing information utilizing client identifiers |
US9003035B1 (en) | 2010-09-28 | 2015-04-07 | Amazon Technologies, Inc. | Point of presence management in request routing |
US20130067582A1 (en) * | 2010-11-12 | 2013-03-14 | John Joseph Donovan | Systems, methods and devices for providing device authentication, mitigation and risk analysis in the internet and cloud |
US8452874B2 (en) | 2010-11-22 | 2013-05-28 | Amazon Technologies, Inc. | Request routing processing |
US8626950B1 (en) | 2010-12-03 | 2014-01-07 | Amazon Technologies, Inc. | Request routing processing |
US9391949B1 (en) | 2010-12-03 | 2016-07-12 | Amazon Technologies, Inc. | Request routing processing |
US8631489B2 (en) | 2011-02-01 | 2014-01-14 | Damballa, Inc. | Method and system for detecting malicious domain names at an upper DNS hierarchy |
US10467042B1 (en) | 2011-04-27 | 2019-11-05 | Amazon Technologies, Inc. | Optimized deployment based upon customer locality |
US8966625B1 (en) | 2011-05-24 | 2015-02-24 | Palo Alto Networks, Inc. | Identification of malware sites using unknown URL sites and newly registered DNS addresses |
US8555388B1 (en) | 2011-05-24 | 2013-10-08 | Palo Alto Networks, Inc. | Heuristic botnet detection |
US8938803B1 (en) * | 2011-06-21 | 2015-01-20 | Amazon Technologies, Inc. | Detecting undesirable computing activity |
US11201848B2 (en) | 2011-07-06 | 2021-12-14 | Akamai Technologies, Inc. | DNS-based ranking of domain names |
US9843601B2 (en) | 2011-07-06 | 2017-12-12 | Nominum, Inc. | Analyzing DNS requests for anomaly detection |
US10742591B2 (en) | 2011-07-06 | 2020-08-11 | Akamai Technologies Inc. | System for domain reputation scoring |
US9185127B2 (en) * | 2011-07-06 | 2015-11-10 | Nominum, Inc. | Network protection service |
US8949982B2 (en) * | 2011-12-30 | 2015-02-03 | Verisign, Inc. | Method for administering a top-level domain |
US8904009B1 (en) | 2012-02-10 | 2014-12-02 | Amazon Technologies, Inc. | Dynamic content delivery |
US10021179B1 (en) | 2012-02-21 | 2018-07-10 | Amazon Technologies, Inc. | Local resource delivery network |
US9172674B1 (en) | 2012-03-21 | 2015-10-27 | Amazon Technologies, Inc. | Managing request routing information utilizing performance information |
US10623408B1 (en) | 2012-04-02 | 2020-04-14 | Amazon Technologies, Inc. | Context sensitive object management |
US9154551B1 (en) | 2012-06-11 | 2015-10-06 | Amazon Technologies, Inc. | Processing DNS queries to identify pre-processing information |
US10547674B2 (en) | 2012-08-27 | 2020-01-28 | Help/Systems, Llc | Methods and systems for network flow analysis |
US9680861B2 (en) | 2012-08-31 | 2017-06-13 | Damballa, Inc. | Historical analysis to identify malicious activity |
US10084806B2 (en) | 2012-08-31 | 2018-09-25 | Damballa, Inc. | Traffic simulation to identify malicious activity |
US9894088B2 (en) | 2012-08-31 | 2018-02-13 | Damballa, Inc. | Data mining to identify malicious activity |
US9166994B2 (en) | 2012-08-31 | 2015-10-20 | Damballa, Inc. | Automation discovery to identify malicious activity |
US9525659B1 (en) | 2012-09-04 | 2016-12-20 | Amazon Technologies, Inc. | Request routing utilizing point of presence load information |
US9323577B2 (en) | 2012-09-20 | 2016-04-26 | Amazon Technologies, Inc. | Automated profiling of resource usage |
US9135048B2 (en) | 2012-09-20 | 2015-09-15 | Amazon Technologies, Inc. | Automated profiling of resource usage |
US9104870B1 (en) | 2012-09-28 | 2015-08-11 | Palo Alto Networks, Inc. | Detecting malware |
US9215239B1 (en) | 2012-09-28 | 2015-12-15 | Palo Alto Networks, Inc. | Malware detection based on traffic analysis |
US10205698B1 (en) | 2012-12-19 | 2019-02-12 | Amazon Technologies, Inc. | Source-dependent address resolution |
US9497213B2 (en) * | 2013-03-15 | 2016-11-15 | Fireeye, Inc. | System and method to manage sinkholes |
GB201306628D0 (en) | 2013-04-11 | 2013-05-29 | F Secure Oyj | Detecting and marking client devices |
US9294391B1 (en) | 2013-06-04 | 2016-03-22 | Amazon Technologies, Inc. | Managing network computing components utilizing request routing |
US9571511B2 (en) | 2013-06-14 | 2017-02-14 | Damballa, Inc. | Systems and methods for traffic classification |
US9443075B2 (en) * | 2013-06-27 | 2016-09-13 | The Mitre Corporation | Interception and policy application for malicious communications |
US9613210B1 (en) | 2013-07-30 | 2017-04-04 | Palo Alto Networks, Inc. | Evaluating malware in a virtual machine using dynamic patching |
US9811665B1 (en) | 2013-07-30 | 2017-11-07 | Palo Alto Networks, Inc. | Static and dynamic security analysis of apps for mobile devices |
US10019575B1 (en) | 2013-07-30 | 2018-07-10 | Palo Alto Networks, Inc. | Evaluating malware in a virtual machine using copy-on-write |
US9405903B1 (en) | 2013-10-31 | 2016-08-02 | Palo Alto Networks, Inc. | Sinkholing bad network domains by registering the bad network domains on the internet |
US9325735B1 (en) * | 2013-10-31 | 2016-04-26 | Palo Alto Networks, Inc. | Selective sinkholing of malware domains by a security device via DNS poisoning |
US9560072B1 (en) | 2013-10-31 | 2017-01-31 | Palo Alto Networks, Inc. | Discovering and selecting candidates for sinkholing of network domains |
US9077639B2 (en) * | 2013-11-18 | 2015-07-07 | Arbor Networks, Inc. | Managing data traffic on a cellular network |
US9489516B1 (en) | 2014-07-14 | 2016-11-08 | Palo Alto Networks, Inc. | Detection of malware using an instrumented virtual machine environment |
US10091096B1 (en) | 2014-12-18 | 2018-10-02 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US9805193B1 (en) * | 2014-12-18 | 2017-10-31 | Palo Alto Networks, Inc. | Collecting algorithmically generated domains |
US10033627B1 (en) | 2014-12-18 | 2018-07-24 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US9542554B1 (en) | 2014-12-18 | 2017-01-10 | Palo Alto Networks, Inc. | Deduplicating malware |
US10097448B1 (en) | 2014-12-18 | 2018-10-09 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US10225326B1 (en) | 2015-03-23 | 2019-03-05 | Amazon Technologies, Inc. | Point of presence based data uploading |
US9930065B2 (en) | 2015-03-25 | 2018-03-27 | University Of Georgia Research Foundation, Inc. | Measuring, categorizing, and/or mitigating malware distribution paths |
US9887931B1 (en) | 2015-03-30 | 2018-02-06 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US9887932B1 (en) | 2015-03-30 | 2018-02-06 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US9819567B1 (en) | 2015-03-30 | 2017-11-14 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US10686814B2 (en) * | 2015-04-10 | 2020-06-16 | Hewlett Packard Enterprise Development Lp | Network anomaly detection |
US9832141B1 (en) | 2015-05-13 | 2017-11-28 | Amazon Technologies, Inc. | Routing based request correlation |
US10616179B1 (en) | 2015-06-25 | 2020-04-07 | Amazon Technologies, Inc. | Selective routing of domain name system (DNS) requests |
US9917852B1 (en) | 2015-06-29 | 2018-03-13 | Palo Alto Networks, Inc. | DGA behavior detection |
US10097566B1 (en) | 2015-07-31 | 2018-10-09 | Amazon Technologies, Inc. | Identifying targets of network attacks |
KR101702102B1 (ko) * | 2015-08-13 | 2017-02-13 | 주식회사 케이티 | Internet connection apparatus, central management server and Internet connection method |
US9794281B1 (en) | 2015-09-24 | 2017-10-17 | Amazon Technologies, Inc. | Identifying sources of network attacks |
US9774619B1 (en) | 2015-09-24 | 2017-09-26 | Amazon Technologies, Inc. | Mitigating network attacks |
US9742795B1 (en) | 2015-09-24 | 2017-08-22 | Amazon Technologies, Inc. | Mitigating network attacks |
US10270878B1 (en) | 2015-11-10 | 2019-04-23 | Amazon Technologies, Inc. | Routing for origin-facing points of presence |
US10049051B1 (en) | 2015-12-11 | 2018-08-14 | Amazon Technologies, Inc. | Reserved cache space in content delivery networks |
US10257307B1 (en) | 2015-12-11 | 2019-04-09 | Amazon Technologies, Inc. | Reserved cache space in content delivery networks |
US10348639B2 (en) | 2015-12-18 | 2019-07-09 | Amazon Technologies, Inc. | Use of virtual endpoints to improve data transmission rates |
US10097511B2 (en) | 2015-12-22 | 2018-10-09 | Cloudflare, Inc. | Methods and systems for identification of a domain of a command and control server of a botnet |
US10075551B1 (en) | 2016-06-06 | 2018-09-11 | Amazon Technologies, Inc. | Request management for hierarchical cache |
US10110694B1 (en) | 2016-06-29 | 2018-10-23 | Amazon Technologies, Inc. | Adaptive transfer rate for retrieving content from a server |
US10938844B2 (en) | 2016-07-22 | 2021-03-02 | At&T Intellectual Property I, L.P. | Providing security through characterizing mobile traffic by domain names |
US9992086B1 (en) | 2016-08-23 | 2018-06-05 | Amazon Technologies, Inc. | External health checking of virtual private cloud network environments |
US10033691B1 (en) | 2016-08-24 | 2018-07-24 | Amazon Technologies, Inc. | Adaptive resolution of domain name requests in virtual private cloud network environments |
US10505961B2 (en) | 2016-10-05 | 2019-12-10 | Amazon Technologies, Inc. | Digitally signed network address |
US10372499B1 (en) | 2016-12-27 | 2019-08-06 | Amazon Technologies, Inc. | Efficient region selection system for executing request-driven code |
US10831549B1 (en) | 2016-12-27 | 2020-11-10 | Amazon Technologies, Inc. | Multi-region request-driven code execution system |
US10938884B1 (en) | 2017-01-30 | 2021-03-02 | Amazon Technologies, Inc. | Origin server cloaking using virtual private cloud network environments |
US10503613B1 (en) | 2017-04-21 | 2019-12-10 | Amazon Technologies, Inc. | Efficient serving of resources during server unavailability |
US10362057B1 (en) * | 2017-06-06 | 2019-07-23 | Acalvio Technologies, Inc. | Enterprise DNS analysis |
US11075987B1 (en) | 2017-06-12 | 2021-07-27 | Amazon Technologies, Inc. | Load estimating content delivery network |
US10447648B2 (en) | 2017-06-19 | 2019-10-15 | Amazon Technologies, Inc. | Assignment of a POP to a DNS resolver based on volume of communications over a link between client devices and the POP |
US10432651B2 (en) * | 2017-08-17 | 2019-10-01 | Zscaler, Inc. | Systems and methods to detect and monitor DNS tunneling |
US10742593B1 (en) | 2017-09-25 | 2020-08-11 | Amazon Technologies, Inc. | Hybrid content request routing system |
US10592578B1 (en) | 2018-03-07 | 2020-03-17 | Amazon Technologies, Inc. | Predictive content push-enabled content delivery network |
US11089024B2 (en) * | 2018-03-09 | 2021-08-10 | Microsoft Technology Licensing, Llc | System and method for restricting access to web resources |
US10956573B2 (en) | 2018-06-29 | 2021-03-23 | Palo Alto Networks, Inc. | Dynamic analysis techniques for applications |
US11010474B2 (en) | 2018-06-29 | 2021-05-18 | Palo Alto Networks, Inc. | Dynamic analysis techniques for applications |
US10862852B1 (en) | 2018-11-16 | 2020-12-08 | Amazon Technologies, Inc. | Resolution of domain name requests in heterogeneous network environments |
US11025747B1 (en) | 2018-12-12 | 2021-06-01 | Amazon Technologies, Inc. | Content request pattern-based routing system |
US11196765B2 (en) | 2019-09-13 | 2021-12-07 | Palo Alto Networks, Inc. | Simulating user interactions for malware analysis |
US11729134B2 (en) | 2019-09-30 | 2023-08-15 | Palo Alto Networks, Inc. | In-line detection of algorithmically generated domains |
CN110830606A (zh) * | 2019-10-31 | 2020-02-21 | 瑞斯康达科技发展股份有限公司 | Method, apparatus and computer-readable storage medium for resolving abnormal DNS cache |
EP3840338A1 (en) * | 2019-12-20 | 2021-06-23 | Barclays Execution Services Limited | Domain name security in cloud computing environment |
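CN111818073B (zh) * | 2020-07-16 | 2022-08-09 | 深信服科技股份有限公司 | Compromised host detection method, apparatus, device and medium |
CN112714126B (zh) * | 2020-12-29 | 2023-03-17 | 赛尔网络有限公司 | Method and system for improving honeypot attack-trapping capability in the IPv6 address space |
CN113158190B (zh) * | 2021-04-30 | 2022-03-29 | 河北师范大学 | Method for automatically generating malicious-code adversarial examples based on a generative adversarial network |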
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6300863B1 (en) * | 1994-11-15 | 2001-10-09 | Absolute Software Corporation | Method and apparatus to monitor and locate an electronic device using a secured intelligent agent via a global network |
US6269392B1 (en) * | 1994-11-15 | 2001-07-31 | Christian Cotichini | Method and apparatus to monitor and locate an electronic device using a secured intelligent agent |
US5898830A (en) * | 1996-10-17 | 1999-04-27 | Network Engineering Software | Firewall providing enhanced network security and user transparency |
GB0022485D0 (en) * | 2000-09-13 | 2000-11-01 | Apl Financial Services Oversea | Monitoring network activity |
US7770223B2 (en) * | 2001-04-12 | 2010-08-03 | Computer Associates Think, Inc. | Method and apparatus for security management via vicarious network devices |
US7152118B2 (en) * | 2002-02-25 | 2006-12-19 | Broadcom Corporation | System, method and computer program product for caching domain name system information on a network gateway |
JP2004072453A (ja) * | 2002-08-07 | 2004-03-04 | Cable & Wireless Idc Inc | Network management system and network management method |
US20050027882A1 (en) * | 2003-05-05 | 2005-02-03 | Sullivan Alan T. | Systems and methods for direction of communication traffic |
US20050105513A1 (en) * | 2002-10-27 | 2005-05-19 | Alan Sullivan | Systems and methods for direction of communication traffic |
US7372809B2 (en) * | 2004-05-18 | 2008-05-13 | Time Warner Cable, Inc. | Thwarting denial of service attacks originating in a DOCSIS-compliant cable network |
-
2005
- 2005-07-08 KR KR1020050061559A patent/KR100663546B1/ko active IP Right Grant
-
2006
- 2006-06-28 WO PCT/KR2006/002512 patent/WO2007007960A1/en active Application Filing
- 2006-06-28 EP EP06769087.5A patent/EP1902375B1/en not_active Not-in-force
-
2008
- 2008-01-08 US US11/971,118 patent/US8112804B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
EP1902375A1 (en) | 2008-03-26 |
WO2007007960A1 (en) | 2007-01-18 |
EP1902375A4 (en) | 2009-04-22 |
US20080155694A1 (en) | 2008-06-26 |
EP1902375B1 (en) | 2017-07-19 |
US8112804B2 (en) | 2012-02-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR100663546B1 (ko) | Malicious bot response method and system | |
JP4545647B2 (ja) | Attack detection and defense system | |
US20210112091A1 (en) | Denial-of-service detection and mitigation solution | |
US7457965B2 (en) | Unauthorized access blocking apparatus, method, program and system | |
US8661544B2 (en) | Detecting botnets | |
US8204984B1 (en) | Systems and methods for detecting encrypted bot command and control communication channels | |
US7814542B1 (en) | Network connection detection and throttling | |
US20070097976A1 (en) | Suspect traffic redirection | |
US10135785B2 (en) | Network security system to intercept inline domain name system requests | |
JP2006319982A (ja) | Method and apparatus for identifying and deactivating worms in a communication network | |
US11271963B2 (en) | Defending against domain name system based attacks | |
Lukaseder et al. | An sdn-based approach for defending against reflective ddos attacks | |
Wang et al. | Efficient and low‐cost defense against distributed denial‐of‐service attacks in SDN‐based networks | |
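KR100950900B1 (ko) | Method and system for defending against distributed denial-of-service attacks | |
KR20170109949A (ko) | Method and apparatus for strengthening network security in a dynamic network environment | |
KR101065800B1 (ko) | Network management apparatus and method, and user terminal and recording medium therefor | |
JP3790486B2 (ja) | Packet relay apparatus, packet relay system and decoy guidance system | |
KR100427179B1 (ko) | Method and system for blocking attackers at an ISP border router using packet filtering | |
JP4753264B2 (ja) | Method, apparatus and computer program for detecting network attacks (detection of network attacks) | |
JP4084317B2 (ja) | Worm detection method | |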
Rm et al. | A comprehensive approach for network security | |
Dobrin et al. | DDoS attack identification based on SDN | |
KR101080734B1 (ko) | Method and apparatus for preventing spoofing | |
Glăvan et al. | Detecting the DDoS attack for SDN Controller | |
Dimiter et al. | Botnet Attack Identification Based on SDN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment | Payment date: 20121205; Year of fee payment: 7 |
FPAY | Annual fee payment | Payment date: 20131205; Year of fee payment: 8 |
FPAY | Annual fee payment | Payment date: 20141208; Year of fee payment: 9 |
FPAY | Annual fee payment | Payment date: 20151207; Year of fee payment: 10 |
FPAY | Annual fee payment | Payment date: 20161205; Year of fee payment: 11 |
FPAY | Annual fee payment | Payment date: 20171204; Year of fee payment: 12 |