Network-based detection method of rebound ports Trojan horse

A network-based detection method for rebound port Trojan horses, applied in the field of network information security. It addresses environments where the host is not allowed to install anti-virus software and Trojan-killing tools, and cases where anti-virus software and Trojan-killing tools cannot function.

Inactive Publication Date: 2009-11-04
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0018] ②In some special environments, it is not allowed to install anti-virus software and Trojan horse kill


Examples


Embodiment Construction

[0060] According to the above technical solutions, the present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0061] The detection process of the present invention is explained using the Gray Pigeon Trojan horse, a rebound port Trojan horse that is relatively popular in China, as an example. In this example, the sampling time period is T = 30 minutes, and the parameters are $T_0 = 0.1$ and $m_1 = m_2 = m_3 = 0.9$.

[0062] Analysis shows that the server of the Gray Pigeon Trojan has the following network behavior characteristics:

[0063] (1) Time feature: the Gray Pigeon Trojan server accesses the broiler with a period of 10 seconds;

[0064] (2) Protocol feature: the Gray Pigeon Trojan server uses the GET command of the HTTP protocol to access the broiler, and the port is port 80;

[0065] (3) Data content characteristics: the content of the file returned by the broiler to t...
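As an added illustration (not code from the patent), the sketch below applies the first two features listed above, a fixed polling period and HTTP GET requests to port 80, to captured packet records. The record layout, thresholds and sample traffic are assumptions constructed for this example; the data content feature is cut off in the text above and is not modelled.

```python
from collections import defaultdict
from statistics import median

# Thresholds are assumptions of this example, not the patent's parameters.
TOLERANCE = 0.1     # a gap "matches" if within 10% of the median period
MATCH_RATIO = 0.9   # share of gaps that must match to call a flow periodic
MIN_REQUESTS = 6    # ignore flows with too few requests to judge

def is_http_get(dport, payload):
    """Protocol feature: an HTTP GET request sent to port 80."""
    request_line = payload.split(b"\r\n", 1)[0]
    return dport == 80 and request_line.startswith(b"GET ") and b" HTTP/1." in request_line

def periodic_get_flows(packets):
    """Time feature: return {(src, dst): period_seconds} for hosts that send
    HTTP GETs to one destination at a near-constant interval."""
    times = defaultdict(list)
    for ts, src, dst, dport, payload in packets:
        if is_http_get(dport, payload):
            times[(src, dst)].append(ts)
    flagged = {}
    for flow, stamps in times.items():
        if len(stamps) < MIN_REQUESTS:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = median(gaps)
        if period <= 0:
            continue
        hits = sum(abs(g - period) <= TOLERANCE * period for g in gaps)
        if hits / len(gaps) >= MATCH_RATIO:
            flagged[flow] = round(period, 1)
    return flagged

def sample_capture():
    """Constructed records: (timestamp, src, dst, dst_port, payload)."""
    poll = b"GET /status.txt HTTP/1.1\r\nHost: example.test\r\n\r\n"
    page = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # One host polling every ~10 s with small jitter.
    beacon = [(10.0 * i + 0.2 * (i % 2), "10.0.0.5", "192.0.2.10", 80, poll) for i in range(13)]
    # One host browsing at irregular times.
    browse = [(t, "10.0.0.7", "192.0.2.20", 80, page) for t in (1, 4, 40, 41, 95, 200, 203)]
    # Periodic but not HTTP GET on port 80, so the protocol feature excludes it.
    other = [(10.0 * i, "10.0.0.9", "192.0.2.30", 443, b"\x16\x03\x01") for i in range(13)]
    return beacon + browse + other

if __name__ == "__main__":
    print(periodic_get_flows(sample_capture()))
```

Only the polling host is reported; the irregular browser and the non-HTTP flow are not, which shows why the time and protocol features are combined rather than used alone.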


Abstract

The invention relates to a network-based method for detecting rebound port Trojan horses and belongs to the technical field of network information security. The method captures network data packets and analyzes their time features, application-layer protocol and data content to determine whether the corresponding host has been attacked by a rebound port Trojan horse. To a certain extent, the method can effectively detect rebound port Trojan horses that use process hiding, file hiding, service hiding and other techniques, and it does not require any agent software or module to be installed, so it is fully applicable to situations where installing a Trojan-killing tool on the host is restricted.

Description

Technical field

[0001] The invention relates to a detection method of a reverse port Trojan horse based on a network, and belongs to the technical field of network information security.

Background technique

[0002] The Trojan horse consists of two parts, the server and the client. The client establishes communication with the server to complete functions such as host control, file theft, and system destruction. The server and the client cooperate with each other, and both are indispensable. The server is installed on the controlled host (the machine that we usually say has a Trojan horse), also known as the controlled end; the client is installed on the control host, also known as the control end.

[0003] Before the firewall is used to isolate the internal and external networks, the client on the external network can directly establish a communication connection with the server on the internal network. , to filter the packets from the external network to the internal net...


Application Information

IPC(8): H04L29/06, H04L9/36
Inventor: 危胜军, 吕坤, 陈君华
Owner: BEIJING INSTITUTE OF TECHNOLOGY