Method and Apparatus for Botnet Analysis and Visualization
Abstract
A method and apparatus for botnet analysis and visualization. Network traffic is filtered to compile a list of messages. The identified messages are tokenized, classified, and aggregated, and changes in the frequency of tokenized messages are identified. A display of the tokenized messages is generated and displayed via a user interface. The user interface is configured to allow a user to review data generated based on the filtered network traffic in order to detect potential botnet activity. User input may be used to adjust filtering and tokenization of the messages.
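The pipeline the abstract describes (tokenize, aggregate, find frequency changes, group them, display) can be sketched as follows. This is an added example, not code from the patent: the regex tokenization rules, the integer time windows, the min_delta threshold, grouping by leading token, and the sample messages are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: (time window index, message text). Not real traffic.
MESSAGES = [
    (0, "NICK user-1041"), (0, "JOIN #weather"), (0, "PRIVMSG #weather :hello all"),
    (1, "NICK user-2210"), (1, "NICK user-8873"), (1, "NICK user-5512"),
    (1, "NICK user-9034"), (1, "PRIVMSG #weather :fetch 192.0.2.15 8080"),
    (1, "PRIVMSG #weather :fetch 192.0.2.77 8080"),
    (1, "PRIVMSG #weather :fetch 198.51.100.4 8080"),
]

# Assumed tokenization rules: variable fields collapse to placeholder tokens,
# so messages that differ only in an address or counter share one template.
RULES = [(re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
         (re.compile(r"\d+"), "<NUM>")]

def tokenize(msg):
    for pattern, placeholder in RULES:
        msg = pattern.sub(placeholder, msg)
    return tuple(msg.split())

def aggregate(messages):
    """Group messages by token template; count occurrences per time window."""
    groups = defaultdict(Counter)
    for window, msg in messages:
        groups[tokenize(msg)][window] += 1
    return groups

def frequency_changes(groups, prev, cur, min_delta=2):
    """Return {template: delta} for groups whose count moved by >= min_delta."""
    deltas = {t: c[cur] - c[prev] for t, c in groups.items()}
    return {t: d for t, d in deltas.items() if abs(d) >= min_delta}

def group_changes(changes):
    """Group the changes by leading token (here, the message command)."""
    by_cmd = defaultdict(list)
    for template, delta in changes.items():
        by_cmd[template[0]].append((" ".join(template), delta))
    return dict(by_cmd)

def render(grouped):
    """Plain-text stand-in for the user display: one block per group."""
    lines = []
    for cmd in sorted(grouped):
        lines.append(cmd)
        lines += [f"  {d:+d}  {text}" for text, d in sorted(grouped[cmd])]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(group_changes(frequency_changes(aggregate(MESSAGES), 0, 1))))
```

Loosening or tightening RULES changes which messages fall into the same group, which corresponds to the abstract's point that user input may adjust tokenization.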
20 Claims
1. A computer-implemented method for botnet message analysis and visualization comprising the steps of:
tokenizing each message in a list of messages;
aggregating the tokenized messages into groups;
identifying frequency changes in content and attributes of tokenized messages in the aggregated groups;
grouping the identified frequency changes in the aggregated groups of tokenized messages; and
generating a user display of the aggregated groups of tokenized messages and of the identified frequency changes in the aggregated groups of tokenized messages.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A device for botnet message analysis and visualization comprising:
means for tokenizing each message in a list of messages;
means for aggregating the tokenized messages into groups;
means for identifying frequency changes in content and attributes of tokenized messages in the aggregated groups;
means for grouping the identified frequency changes in the aggregated groups of tokenized messages; and
means for generating a user display of the aggregated groups of tokenized messages and of the identified frequency changes in the aggregated groups of tokenized messages.
Dependent claims: 13, 14, 15, 16, 17

18. A computer readable medium having stored thereon computer executable instructions for botnet message analysis and visualization, the computer executable instructions defining steps comprising:
tokenizing each message in a list of messages;
aggregating the tokenized messages into groups;
identifying frequency changes in content and attributes of tokenized messages in the aggregated groups;
grouping the identified frequency changes in the aggregated groups of tokenized messages; and
generating a user display of the aggregated groups of tokenized messages and of the identified frequency changes in the aggregated groups of tokenized messages.
Dependent claims: 19, 20
Specification