Method and device for detecting Trojans by analyzing network behaviors

A Trojan-detection technology based on network behavior analysis, applied in the field of network security, which addresses the problem that unknown or modified Trojans cannot be detected by signature comparison, and achieves good compatibility, adaptability and detection effectiveness.

Inactive Publication Date: 2010-10-06
军工思波信息科技产业有限公司

AI Technical Summary

Problems solved by technology

[0004] This Trojan horse detection technology can only detect Trojan horses that have obtained samples. For unknown, packed, and mutated Trojan horses, because the signature code in the source program is inconsistent with the existing signature code, it cannot be detected.



Embodiment Construction

[0043] The present invention will be further illustrated by the following application examples.

[0044] The attached Figure 3 is a schematic diagram of an application example of the present invention; the device shown in the figure is the device described in the present invention.

[0045] The device (system) of the present invention is connected to the network in bypass (out-of-band) mode, is deployed at the network entrance and exit, and comprehensively monitors all information flows between the entire network and the Internet. The bypass connection mode reduces the single point of failure and ensures the availability of the system.

[0046] Multi-point monitoring is realized by deploying the device (system) of the present invention in multiple key network segments (such as the security management area, DMZ area, server area and office area). The system security center centrally manages the multiple network detectors, which is convenient for centraliz...


Abstract

The invention relates to a method and a device for detecting Trojans by analyzing network behaviors. Trojans are detected by analyzing and comparing behavior characteristics. The method comprises the following steps: searching for network behaviors in a local area network; analyzing the representative behavior characteristics of those network behaviors; and detecting Trojans in real time through network behaviors such as a Trojan's outbound connection (call-home), information stealing and outbound data transfer. The device consists of an acquisition device and an analyzer: the acquisition device captures network data packets and sends them to the analyzer; the analyzer reassembles the data, extracts its representative behavior characteristics, performs correlation analysis against a Trojan characteristic library, generates a security event report and presents it to a front-end system. Because Trojans are detected by behavior characteristic analysis rather than by the conventional program signature comparison, the method of the invention can detect Trojans of both known and unknown types, and has a good detection effect particularly on mutations and variants such as packed and anti-virus-evading ("kill-free") Trojans.
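As an added illustration (not code from the patent or its assignee), the following Python sketch follows the pipeline the abstract describes: flow records from a collector are grouped per LAN host and external peer, two representative behaviors (periodic outbound connection and outbound-dominant data transfer) are matched against a small threshold-based "characteristic library", and matching sessions become security events. The flow records, LAN ranges and thresholds are constructed assumptions, not values from the patent.

```python
import ipaddress
from collections import defaultdict
from statistics import pstdev

# Constructed sample flow records, not captured traffic:
# (timestamp_s, src_ip, dst_ip, dst_port, bytes_out, bytes_in)
FLOWS = [
    # 10.0.0.5 contacts one external host every 60 s with tiny requests
    *[(t, "10.0.0.5", "203.0.113.9", 443, 300, 120) for t in range(0, 600, 60)],
    # 10.0.0.7 sends far more data out than it receives in a single session
    (10, "10.0.0.7", "198.51.100.4", 8080, 4_000_000, 2_000),
    # 10.0.0.8 browses normally: irregular timing, mostly inbound bytes
    (5, "10.0.0.8", "192.0.2.10", 443, 2_000, 150_000),
    (310, "10.0.0.8", "192.0.2.10", 443, 900, 220_000),
    # LAN-internal traffic is not analysed
    (20, "10.0.0.8", "10.0.0.20", 445, 50_000, 50_000),
]

# Assumed monitored LAN ranges; a destination outside them makes the flow "outbound"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Minimal "behavior characteristic library": per-behaviour thresholds (assumed values)
BEHAVIOR_LIBRARY = {
    "periodic_outbound_connection": {"min_connections": 4, "max_interval_jitter_s": 5.0},
    "outbound_data_dominant": {"min_bytes_out": 1_000_000, "min_out_in_ratio": 100.0},
}

def analyze(flows, library=BEHAVIOR_LIBRARY):
    """Group LAN->outside flows per (src, dst, port) and match each group against the library."""
    sessions = defaultdict(list)
    for ts, src, dst, port, out_b, in_b in flows:
        if any(ipaddress.ip_address(dst) in net for net in INTERNAL_NETS):
            continue                                   # stays inside the LAN: skip
        sessions[(src, dst, port)].append((ts, out_b, in_b))
    events = []
    for (src, dst, port), recs in sessions.items():
        recs.sort()
        times = [r[0] for r in recs]
        intervals = [b - a for a, b in zip(times, times[1:])]
        # Behaviour 1: many connections to the same peer at nearly constant spacing
        beacon = library["periodic_outbound_connection"]
        if len(recs) >= beacon["min_connections"] and intervals and pstdev(intervals) <= beacon["max_interval_jitter_s"]:
            events.append({"host": src, "behavior": "periodic_outbound_connection", "peer": f"{dst}:{port}"})
        # Behaviour 2: outbound volume dwarfs inbound volume for the session
        out_total, in_total = sum(r[1] for r in recs), sum(r[2] for r in recs)
        exfil = library["outbound_data_dominant"]
        if out_total >= exfil["min_bytes_out"] and out_total >= exfil["min_out_in_ratio"] * max(in_total, 1):
            events.append({"host": src, "behavior": "outbound_data_dominant", "peer": f"{dst}:{port}"})
    return events
```

Running `analyze(FLOWS)` reports the beaconing host and the outbound-heavy host while the normal browsing and LAN-internal flows produce no events; in a real deployment the library entries would be tuned per network segment.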

Description

Technical field

[0001] The invention belongs to the field of network security, in particular to a method and a device for detecting a Trojan horse program.

Background

[0002] The scope of Trojan horse spread on the Internet is getting wider and wider, causing more and more harm.

[0003] Traditional antivirus software uses signature code comparison technology to kill viruses. The signature code is obtained by taking the original program of a virus sample, extracting a unique code from the program that is similar to a fingerprint, and adding it to the antivirus software, which then scans all files. If a file contains this signature code, it is a virus and can be killed.

[0004] This technique for detecting Trojan horses can only detect Trojan horses for which samples have been obtained. Unknown, packed and mutated Trojan horses cannot be detected, because the signatures in their source program are inconsistent with the existing signatures.

Summary of the invention

[0005] The purpose of the...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L12/26, H04L29/06
Inventors: 孙丹鸣, 杨更, 何涛
Owner: 军工思波信息科技产业有限公司