US 11,997,121 B2
Detection device, detection method, and detection program
Shohei Araki, Musashino (JP); Bo Hu, Musashino (JP); Kazunori Kamiya, Musashino (JP); and Masaki Tanikawa, Musashino (JP)
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
Appl. No. 17/615,107
Filed by NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
PCT Filed Jun. 4, 2019, PCT No. PCT/JP2019/022239
§ 371(c)(1), (2) Date Nov. 30, 2021,
PCT Pub. No. WO2020/245930, PCT Pub. Date Dec. 10, 2020.
Prior Publication US 2022/0224705 A1, Jul. 14, 2022
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) 20 Claims
OG exemplary drawing
 
1. A detection device comprising:
processing circuitry configured to:
identify candidate bots using flow data;
use the flow data to count a number of the candidate bots communicating with servers;
determine servers to be malicious servers when the number of candidate bots communicating therewith is equal to or greater than a predetermined threshold; and
detect candidate bots communicating with the servers determined to be malicious servers to be malicious bots.