VIRTUAL SERVER AND METHOD FOR IDENTIFYING ZOMBIE, AND SINKHOLE SERVER AND METHOD FOR INTEGRATEDLY MANAGING ZOMBIE INFORMATION
First Claim
1. A virtual server for identifying a zombie, comprising:
- an authentication processing module for authenticating a host using a completely automated public Turing test to tell computers and humans apart. (CAPTCHA) test and providing a cookie to the authenticated host when a web server access request message received from the host does not include a cookie;
a cookie value verification module for extracting a cookie value from the web server access request message and verifying the extracted cookie value when the web server access request message includes a cookie;
a web page access inducement module for inducing the host to access a web server when the cookie value is verified; and
a zombie identification module for blocking access of the host when the cookie value is not verified, and identifying the host as a zombie when a number of blocking operations exceeds a threshold value.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are a virtual server and method for identifying a zombie, and a sinkhole server and method for integratedly managing zombie information. The virtual server includes an authentication processing module authenticating a host using a CAPTCHA test and providing a cookie to the authenticated host when a web server access request message received from the host does not include a cookie, a cookie value verification module for extracting a cookie value from the web server access request message and verifying the extracted cookie value when the web server access request message includes a cookie, a web page access inducement module for inducing the host to access a web server when the cookie value is verified, and a zombie identification module for blocking access of the host when the cookie value is not verified, and identifying the host as a zombie when the number of blocking operations exceeds a threshold value.
-
Citations
13 Claims
-
1. A virtual server for identifying a zombie, comprising:
-
an authentication processing module for authenticating a host using a completely automated public Turing test to tell computers and humans apart. (CAPTCHA) test and providing a cookie to the authenticated host when a web server access request message received from the host does not include a cookie; a cookie value verification module for extracting a cookie value from the web server access request message and verifying the extracted cookie value when the web server access request message includes a cookie; a web page access inducement module for inducing the host to access a web server when the cookie value is verified; and a zombie identification module for blocking access of the host when the cookie value is not verified, and identifying the host as a zombie when a number of blocking operations exceeds a threshold value. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A sinkhole server, comprising:
-
a duplicated Internet protocol (IP) removal module for collecting IP addresses of zombies provided by a virtual server, which is disposed at a front end of a web server and identifies a zombie attempting to access the web server, and removing a duplicated IP address from the IP addresses; a zombie scale determination module for calculating a total number of the IP addresses except the duplicated IP address to determine a scale of zombies; a geographical distribution recognition module for recognizing geographical distribution of the zombies using geographical information implied in the IP addresses; and a zombie information database (1)3) for storing the determined scale of zombies and the geographical distribution. - View Dependent Claims (8)
-
-
9. A method of identifying a zombie, comprising:
-
determining whether a web server access request message received from a host includes a cookie; transmitting a completely automated public Turing test to tell computers and humans apart (CAPTCHA) page to the host when the access request message does not include a cookie; transmitting a cookie corresponding to an Internet protocol (IP) address of the host when a correct answer to the CAPTCHA page is received from the host; extracting a cookie value from the access request message and checking whether the extracted cookie value corresponds to the IP address of the host when the access request message includes a cookie; and blocking access to a web server when the cookie value does not correspond to the IP address of the host, and identifying the host as a zombie when a number of blocking operations exceeds a threshold value. - View Dependent Claims (10, 11, 12)
-
-
13. A method of integratedly managing zombie information, comprising:
-
collecting Internet protocol (IP) addresses of zombies provided by a virtual server, which is disposed at a front end of a web server and identifies a zombie attempting to access the web server; removing a duplicated IP address from the IP addresses; calculating a total number of the IP addresses except the duplicated IP address to determine a scale of zombies; and recognizing geographical distribution of the zombies using geographical information implied in the IP addresses.
-
Specification