US 11,902,305 B2
Botnet detection and mitigation
Pratik Lotia, Denver, CO (US); and Charles Manser, Clearwater, FL (US)
Assigned to CHARTER COMMUNICATIONS OPERATING, LLC, St. Louis, MO (US)
Filed by Charter Communications Operating, LLC, St. Louis, MO (US)
Filed on Feb. 19, 2023, as Appl. No. 18/111,580.
Application 18/111,580 is a continuation of application No. 16/416,000, filed on May 17, 2019, granted, now 11,627,147.
Prior Publication US 2023/0199009 A1, Jun. 22, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1425 (2013.01); H04L 63/1458 (2013.01); H04L 63/1483 (2013.01)]
20 Claims
1. A method for detecting and mitigating a malicious bot, comprising the operations of:
obtaining threat information, the threat information identifying one or more indicators of compromise (IOC) corresponding to suspected or known malicious network traffic;
generating a control list (CL) corresponding to the threat information, the CL describing rules for identifying network flows to be logged in a network log;
obtaining the network log identifying the network flows;
identifying a suspect network flow identified by both the threat information and the network log;
identifying an address corresponding to the suspect network flow;
correlating the address corresponding to the suspect network flow, the suspect network flow being generated in response to a bot control network flow, with an identifier of an infected device that is sending the suspect network flow; and
mitigating a malicious bot based on the identifier.
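One reading of the steps of claim 1, as an added Python example that is not taken from the patent or from the assignee's systems. The sample IOCs, flows, the time-bounded address-assignment table and all function names are constructed assumptions; the claim does not say how an address is correlated with a device identifier.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the patent.
THREAT_INFO = [("203.0.113.10", 6667, "c2-irc"), ("198.51.100.0/28", 443, "c2-https")]
OBSERVED_FLOWS = [  # (timestamp, src, dst, dst_port)
    (1000, "10.1.0.5", "203.0.113.10", 6667),
    (1010, "10.1.0.7", "192.0.2.50", 443),
    (1020, "10.1.0.9", "198.51.100.3", 443),
    (1030, "10.1.0.5", "198.51.100.3", 80),
]
# Hypothetical address-assignment records: (address, device_id, start, end).
LEASES = [
    ("10.1.0.5", "modem-aa:01", 900, 1100),
    ("10.1.0.9", "modem-aa:02", 0, 1015),
    ("10.1.0.9", "modem-aa:03", 1016, 2000),
]

def build_control_list(threat_info):
    """Turn each IOC into a (network, port, label) logging rule."""
    return [(ipaddress.ip_network(ioc), port, label) for ioc, port, label in threat_info]

def network_log(control_list, flows):
    """Log only flows a CL rule selects, tagged with the matching IOC label."""
    log = []
    for ts, src, dst, dport in flows:
        for net, port, label in control_list:
            if dport == port and ipaddress.ip_address(dst) in net:
                log.append((ts, src, label))
                break
    return log

def device_for(addr, ts, leases):
    """Resolve an address to the device that held it at time ts (addresses get reused)."""
    for a, dev, start, end in leases:
        if a == addr and start <= ts <= end:
            return dev
    return None

def mitigation_targets(threat_info, flows, leases):
    """Map device identifier -> IOC labels seen in its suspect flows."""
    targets = {}
    for ts, src, label in network_log(build_control_list(threat_info), flows):
        dev = device_for(src, ts, leases)
        if dev is not None:
            targets.setdefault(dev, set()).add(label)
    return targets
```

The time-bounded lookup matters because the same address can belong to different devices at different times; resolving by address alone would attribute the 1020 flow to the wrong device.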