The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Oct. 29, 2019
Filed:
Jun. 22, 2016
Ntt Innovation Institute, Inc., East Palo Alto, CA (US);
Masayuki Inoue, East Palo Alto, CA (US);
Satoshi Iitsuka, East Palo Alto, CA (US);
Yuhei Kawakoya, East Palo Alto, CA (US);
NTT INNOVATION INSTITUTE, INC., East Palo Alto, CA (US);
Abstract
A system and method are provided for detecting a botnet in a network based on traffic flow, daisy chained mechanism and white-list generation mechanism. The system and method uses the known malicious components in a botnet such as IP address, domain name and URL, to be the root of a daisy chain and creates a network graph based on given traffic flow data such as NetFlow data, DNS cache data, DNS sinkhole data, DDoS data and Attack log data in threat sensors. The system and method iteratively detects new malicious factors by tracing that network graph. The system and method also introduces a technique to create a white list which is used in the daisy chain to reduce false positive.