Malignant BOT confrontation method and its system
Abstract
A method for dealing with malicious BOT attacks in a network security system includes detecting and analyzing a domain name that receives excessive DNS queries in order to judge whether a malicious BOT infection is present, registering that domain name as a normal or abnormal management target, and redirecting abnormal DNS queries for an abnormal management target to a redirection processing & response system. Automatic detection of malicious BOT attacks, combined with a mechanism that carries out countermeasures and analysis at the same time, can thereby protect DNS servers and prevent security incidents caused by malicious BOT attacks before they occur.
5 Claims
1. A malicious BOT measures method comprising the steps of:
- detecting excessive Domain Name System (DNS) queries generated by compromised PC through malicious BOT;
- analyzing these queries to classify into normal or abnormal management target; and
- redirecting the abnormal DNS query registered as a management target to a redirection processing & response system, wherein the redirecting step includes the steps of:
  - changing a destination address of the abnormal DNS query into the redirection processing & response system;
  - generating a response to the abnormal DNS query in the redirection processing & response system; and
  - transmitting the response to the compromised PC by malicious BOT, wherein the response generated from the generating step has one of a loop-back address preset by a network administrator and an address of honey pot system for the intrusion temptation and the analysis of malicious BOT characteristics.
4. A malicious BOT measures system comprising:
- a redirection processing system for analyzing and identifying a domain name receiving excessive Domain Name System (DNS) queries, registering the domain name as normal or abnormal management target and redirecting the abnormal DNS query for a domain name registered as the abnormal management target to a redirection processing & response system; and
- the redirection processing & response system for generating a response to the abnormal DNS query, wherein the redirection processing system changes the destination address of an abnormal DNS query into the address of the redirection processing & response system to redirect the abnormal DNS query, and wherein the redirection processing & response system generates the response to the abnormal DNS query which has a loop-back address or an address of honey pot system for the intrusion temptation and the analysis of malicious BOT characteristics depending on the configuration set by an administrator.
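The detect, classify and redirect flow described in the abstract and claims above, sketched as an added illustration that is not part of the patent text. The log format, the threshold, the administrator allowlist used to separate normal from abnormal targets, the honeypot address and all function names are assumptions, and the whole sample is treated as a single counting window.

```python
from collections import Counter

LOOPBACK = "127.0.0.1"
HONEYPOT = "192.0.2.10"                 # constructed address (documentation range)
THRESHOLD = 5                           # assumed: queries per window that count as excessive
KNOWN_NORMAL = {"updates.example.com"}  # assumed allowlist kept by the administrator

# Constructed resolver log, one line per query: "<epoch> <client-ip> <qname>"
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + i} 10.0.0.{i % 3 + 1} c2.bad.example" for i in range(8)]
    + [f"{1700000000 + i} 10.0.0.9 updates.example.com" for i in range(6)]
    + ["1700000003 10.0.0.4 www.example.org", "malformed line"]
)

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def parse(log):
    """Yield (client, qname) per well-formed line; skip anything else."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[1], normalize(parts[2])

def classify(log, threshold=THRESHOLD, known_normal=KNOWN_NORMAL):
    """Register every domain with excessive queries as a management target."""
    counts = Counter(qname for _, qname in parse(log))
    return {
        domain: "normal" if domain in known_normal else "abnormal"
        for domain, hits in counts.items()
        if hits >= threshold
    }

def respond(qname, targets, mode="loopback"):
    """Answer for an abnormal target; None means resolve the query as usual."""
    if targets.get(normalize(qname)) != "abnormal":
        return None
    return HONEYPOT if mode == "honeypot" else LOOPBACK

if __name__ == "__main__":
    targets = classify(SAMPLE_LOG)
    for name in ("c2.bad.example", "updates.example.com", "www.example.org"):
        print(name, targets.get(name, "unregistered"), respond(name, targets))
```
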