Method and system for monitoring Trojan Horse based on network communication behavior characteristic

A Trojan horse monitoring technology based on network communication, applied in transmission systems, digital transmission systems, data exchange networks, etc. It addresses problems such as Trojan horse programs that cannot be effectively prevented, occupied system resources, and degraded system performance.

Active Publication Date: 2009-12-16
中国人民解放军信息技术安全研究中心 +1

AI Technical Summary

Problems solved by technology

For unknown Trojan horse programs, or ones that have been processed by junk-code insertion ("adding flowers"), packing or mutation, the file signature must be re-analyzed and re-extracted and the signature database then updated. This is a completely passive defense method that does not fundamentally solve the problem.
A Trojan horse firewall simply monitors suspicious connections on the network and cannot effectively block Trojan horse programs that communicate using standard protocols. It also requires software to be installed on the user's host, which consumes system resources and degrades system performance.


Embodiment Construction

[0025] Figure 1 is a schematic diagram of monitoring Trojan horses in network data streams, based on their network communication behavior characteristics, while the Trojan horse is active.

[0026] Hackers usually wrap a Trojan horse program in various shells (packers), or process it to evade particular anti-virus software, so a Trojan horse program with the same function yields stored files with completely different characteristics after junk-code insertion ("adding flowers"), packing or mutation. This is undoubtedly a nightmare for anti-virus software that scans and removes files based on file signatures.

[0027] Although the Trojan horse changes its carrier, the "file", in various ways, such as junk-code insertion, packing or mutation, the communication instruction format between the Trojan horse client and server is unchanged across different versions of the same type. That is, the application communication protocol of the Trojan horse itself will not be easily cha...


Abstract

The invention provides a method and system for real-time monitoring of Trojan horses based on the network communication behavior characteristics of Trojan horses in network data flows, and belongs to the field of computer network security. Currently, Trojan horses can use various technical means to avoid the detection based on file characteristics and host behavior characteristics found in the prior art. The behavior characteristics of a Trojan horse in network communication, however, are relatively stable; that is, its application communication protocol is unlikely to change. This is because a change to the protocol requires simultaneous changes to the programs on both the Trojan horse client and server, which requires re-implantation of the Trojan horse, and it also raises the problem of communication between different versions of the Trojan horse program. Accordingly, based on the network communication behavior characteristics observed in the network data flow while a Trojan horse is active, not only can known Trojan horses be monitored, but unknown Trojan horses that have been obfuscated with junk code, packed or mutated can also be precisely monitored.
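The idea in the abstract, matching on the stable client/server command format rather than on the file, shown as an added example that is not taken from the patent. The message framing, the `SIGNATURE` table and all sample data are hypothetical and constructed for illustration.

```python
import hashlib
import re
import struct

# Hypothetical family (constructed): each message is <uint32 LE body length>
# <1-byte command><body>. The implant opens with command 0x01 and a
# "host|user|os" body; the controller replies 0x02 with an empty body.
SIGNATURE = [  # ordered (direction, command, body pattern)
    ("out", 0x01, re.compile(rb"[^|]{1,64}\|[^|]{1,64}\|[^|]{1,64}")),
    ("in", 0x02, re.compile(rb"")),
]

def frame(cmd, body):
    """Build one message in the hypothetical framing (used for sample data)."""
    return struct.pack("<I", len(body)) + bytes([cmd]) + body

def parse_message(payload):
    """Return (command, body) if the payload obeys the framing, else None."""
    if len(payload) < 5:
        return None
    (length,) = struct.unpack_from("<I", payload)
    if length != len(payload) - 5:  # declared length must equal real size
        return None
    return payload[4], payload[5:]

def flow_matches(flow, signature=SIGNATURE):
    """flow: list of (direction, payload) in capture order; port is ignored."""
    if len(flow) < len(signature):
        return False
    for (direction, payload), (want_dir, want_cmd, body_re) in zip(flow, signature):
        msg = parse_message(payload)
        if msg is None or direction != want_dir or msg[0] != want_cmd:
            return False
        if not body_re.fullmatch(msg[1]):
            return False
    return True

# Constructed samples: two builds whose file bytes differ (as after packing)
# but whose traffic is identical, and an ordinary HTTP exchange.
BUILD_A = b"MZ\x90\x00original-build"
BUILD_B = b"MZ\x90\x00repacked-build\xcc\xcc"
TROJAN_FLOW = [("out", frame(0x01, b"WS-042|alice|Win7")), ("in", frame(0x02, b""))]
HTTP_FLOW = [("out", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
             ("in", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")]

def file_hashes_differ():
    """A file-signature database keyed on BUILD_A would miss BUILD_B."""
    return hashlib.sha256(BUILD_A).digest() != hashlib.sha256(BUILD_B).digest()
```

The flow check gives the same verdict for traffic from either build, because it never looks at the file, and it rejects the HTTP exchange because the framing's length field does not hold.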

Description

Technical field

[0001] The invention relates to a method and system for real-time monitoring of Trojan horses based on network communication behavior characteristics, belonging to the field of computer network security.

Background technique

[0002] With the popularity and application of computers and networks, people are increasingly dependent on them. A large number of non-public or confidential important documents and personal information are stored on work and home computers. Once a Trojan horse program is implanted on these computers, their information will be stolen, resulting in the leakage of important information and secret files, the exposure of personal privacy information, and economic losses. In addition, Trojan horses can also destroy information systems, causing system paralysis and loss of important data.

[0003] At present, the detection and protection methods of Trojans can be summarized into two categories. One is the traditional detec...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L12/26, H04L12/24, H04L29/06
Inventor: 李京春徐亚飞袁建军梁利周建亮宋利华李建兴熊益周德键徐茜
Owner: 中国人民解放军信息技术安全研究中心