METHOD TO PERFORM BOTNET DETECTION
Abstract
A method and a system for monitoring network activities associated with a computer connected to a network are provided. The method may include detecting a bot activity associated with the computer; attributing a bot status to the computer, based on a bot activity type associated with the bot activity, prior detections of bot activities, and considering time stamps. The method may also include updating the bot status attributed to the computer, based upon detection of subsequent bot activities associated with the computer, the bot activity types associated with the subsequent bot activities, and one or more other criteria. In one example embodiment, the network activities may include network transmissions and behavioral patterns. According to example embodiments, the system may include a network monitor, a bot activity detection module, a bot status module, and a bot status update module.
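The attribute-then-update flow described in the abstract, as an added Python example that is not taken from the patent. The activity type names, weights, one-hour window, score threshold and status labels are all assumptions chosen for illustration, and time stamps serve as the additional update criterion.

```python
from dataclasses import dataclass, field

# All values below are assumptions for illustration, not from the patent text.
WEIGHTS = {"c2_beacon": 3, "spam_burst": 2, "port_scan": 1}  # per activity type
WINDOW = 3600        # seconds a prior detection keeps contributing evidence
CONFIRM_SCORE = 4    # windowed score at which a host is marked "confirmed"

@dataclass
class HostRecord:
    status: str = "clean"
    detections: list = field(default_factory=list)  # (timestamp, activity_type)

class BotStatusTracker:
    def __init__(self):
        self.hosts = {}

    def _attribute(self, rec, now):
        # Prior detections count only while their time stamp is inside the window.
        score = sum(WEIGHTS[t] for ts, t in rec.detections if now - ts <= WINDOW)
        if score >= CONFIRM_SCORE:
            rec.status = "confirmed"
        elif score > 0:
            rec.status = "suspected"
        else:
            rec.status = "clean"
        return rec.status

    def report(self, host, activity_type, timestamp):
        """Record a detected bot activity and attribute or update the status."""
        if activity_type not in WEIGHTS:
            raise ValueError(f"unknown bot activity type: {activity_type}")
        rec = self.hosts.setdefault(host, HostRecord())
        rec.detections.append((timestamp, activity_type))
        return self._attribute(rec, timestamp)

    def refresh(self, host, now):
        """Re-evaluate with no new detection, so stale evidence ages out."""
        rec = self.hosts.get(host)
        return self._attribute(rec, now) if rec else "clean"

def demo():
    # Constructed event sequence for one host (timestamps in seconds).
    t = BotStatusTracker()
    return [
        t.report("10.0.0.5", "port_scan", 0),      # weak evidence only
        t.report("10.0.0.5", "c2_beacon", 600),    # 1 + 3 reaches threshold
        t.refresh("10.0.0.5", 4000),               # port_scan aged out
        t.refresh("10.0.0.5", 8000),               # all evidence aged out
        t.report("10.0.0.5", "spam_burst", 8100),  # fresh detection
    ]
```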
20 Claims
1. A method comprising:
- monitoring network activities associated with a computer connected to a network;
- detecting a bot activity associated with the computer;
- attributing a bot status to the computer, based on a bot activity type associated with the bot activity, prior detections of bot activities, and considering time stamps; and
- updating the bot status attributed to the computer, based on detection of subsequent bot activities associated with the computer, the bot activity types associated with the subsequent bot activities, and at least one other criterion.

View Dependent Claims (2, 3, 4, 6, 7, 8, 9)

5. The method of claim 5, wherein the at least one other criterion includes the timestamps associated with the subsequent bot activities.

10. A system comprising:
- a network monitor to monitor network activities associated with a computer connected to a network;
- a bot activity detection module to detect a bot activity associated with the computer;
- a bot status module to attribute a bot status to the computer, based on a bot activity type associated with the bot activity, prior detections of bot activities, and considering time stamps;
- the bot activity detection module to detect subsequent bot activities associated with the computer; and
- a bot status update module to update the bot status attributed to the computer, based on detection of the subsequent bot activities associated with the computer, the bot activity types associated with the subsequent bot activities, and at least one other criterion.

View Dependent Claims (11, 12, 13, 14, 15, 16, 17)

18. A system comprising:
- means for monitoring network activities associated with a computer connected to a network;
- means for detecting a bot activity associated with the computer;
- means for attributing a bot status to the computer, based on a bot activity type associated with the bot activity, prior detections of bot activities, and considering time stamps;
- means for detecting subsequent bot activities associated with the computer; and
- means for updating the bot status attributed to the computer, based on detection of the subsequent bot activities associated with the computer, the bot activity types associated with the subsequent bot activities, and at least one other criterion.

View Dependent Claims (19)

20. A machine readable medium comprising instructions, which when implemented by one or more processors perform following operations:
- monitor network activities associated with a computer connected to a network;
- detect a bot activity associated with the computer;
- attribute a bot status to the computer, based on a bot activity type associated with the bot activity, prior detections of bot activities, and considering time stamps;
- detect subsequent bot activities associated with the computer; and
- update the bot status attributed to the computer, based on detection of the subsequent bot activities associated with the computer, the bot activity types associated with the subsequent bot activities, and at least one other criterion.

Specification