Intelligent Trojan horse detecting device based on behavior features in network flows and method thereof

A network traffic and detection method technology, applied in the direction of electrical components, transmission systems, etc., to achieve the effects of low false positive rate and false negative rate, high detection accuracy and high detection efficiency

Active Publication Date: 2013-06-26
INFORMATION & TELECOMM COMPANY SICHUAN ELECTRIC POWER +1

AI Technical Summary

Problems solved by technology

[0011] Patented a webpage Trojan detection method and system (application number: 201110439572.6), this patent mainly focuses on webpa...

Examples


Embodiment 1

[0054] Embodiments of Flow Data Capture Devices

[0055] At present, mainstream packet capture tools include Libpcap, Winpcap, etc. Different platforms can use different capture tools: for example, Winpcap can be selected on the Windows platform and Libpcap on the Unix platform. This example uses the packet capture tool Winpcap. Winpcap consists of three modules: NPF, packet.dll and wpcap.dll. NPF is the packet capture driver, packet.dll is the low-level dynamic link library, and wpcap.dll is the high-level dynamic link library. Because Trojans basically communicate over the TCP and UDP protocols, protocol-based filtering is required here, and only TCP and UDP packets are captured. Whichever capture tool is selected, it is within the protection scope of this patent.
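The protocol filter described in [0055], shown as an added example that is not code from the patent: a C routine that keeps only IPv4 TCP and UDP frames and extracts the 5-tuple a later stage would work on. The names `keep_tcp_udp` and `flow_key`, the Ethernet/IPv4-only scope, the choice to skip non-first fragments, and the sample frames are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct flow_key {              /* hypothetical record; ports in host order */
    uint8_t  proto;            /* 6 = TCP, 17 = UDP */
    uint8_t  src[4], dst[4];   /* IPv4 addresses as on the wire */
    uint16_t sport, dport;
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 and fills *k if the Ethernet frame carries IPv4 TCP or UDP,
 * 0 if it is another protocol, malformed, or truncated. */
int keep_tcp_udp(const uint8_t *f, size_t len, struct flow_key *k)
{
    if (len < 14 + 20) return 0;               /* Ethernet + minimal IPv4 */
    if (be16(f + 12) != 0x0800) return 0;      /* EtherType must be IPv4 */
    const uint8_t *ip = f + 14;
    if ((ip[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* header length incl. options */
    if (ihl < 20 || len < 14 + ihl + 4) return 0;
    if (ip[9] != 6 && ip[9] != 17) return 0;   /* the TCP/UDP protocol filter */
    if (be16(ip + 6) & 0x1fff) return 0;       /* later fragment: no port fields */
    k->proto = ip[9];
    memcpy(k->src, ip + 12, 4);
    memcpy(k->dst, ip + 16, 4);
    k->sport = be16(ip + ihl);
    k->dport = be16(ip + ihl + 2);
    return 1;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t SAMPLE_TCP[] = { 0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,
    0x45,0,0,0x28, 0,1,0x40,0, 0x40,6,0,0, 192,0,2,10, 198,51,100,7,
    0xc0,0x01, 0x01,0xbb };
static const uint8_t SAMPLE_UDP[] = { 0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,
    0x46,0,0,0x2c, 0,2,0,0, 0x40,17,0,0, 192,0,2,10, 198,51,100,7,
    1,1,1,0, 0xd4,0x31, 0x00,0x35 };           /* IHL=6: 4 option bytes */
static const uint8_t SAMPLE_ICMP[] = { 0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,
    0x45,0,0,0x1c, 0,3,0,0, 0x40,1,0,0, 192,0,2,10, 198,51,100,7, 8,0,0,0 };

int main(void) {
    struct flow_key k;
    if (keep_tcp_udp(SAMPLE_TCP, sizeof SAMPLE_TCP, &k))
        printf("tcp kept %u->%u\n", k.sport, k.dport);
    if (keep_tcp_udp(SAMPLE_UDP, sizeof SAMPLE_UDP, &k))
        printf("udp kept %u->%u\n", k.sport, k.dport);
    printf("icmp kept=%d\n", keep_tcp_udp(SAMPLE_ICMP, sizeof SAMPLE_ICMP, &k));
    return 0;
}
```

In a live Winpcap or Libpcap capture the same selection is normally pushed down to the capture layer with a `tcp or udp` filter expression passed to `pcap_compile()` and `pcap_setfilter()`.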

[0056] Embodiment of the preprocessing device

[0057] This embodiment is used to convert the TCP / UDP data packets obtained by the flow data ca...


Abstract

The invention relates to an intelligent Trojan horse detecting device based on Trojan horse behavior features reflected in network flows, and a method thereof. The device and method play an active role in detecting Trojan horses, with high detection efficiency and low false positive and false negative rates. The method includes the steps of: first, collecting TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) data packets; second, preprocessing the collected data packets; third, filtering the data packets with a neural network to identify abnormal data packets; fourth, identifying data packets with Trojan horse behaviors from among the abnormal data packets; and fifth, raising an alarm when data packets with Trojan horse behaviors are found.

Description

Technical field

[0001] The present invention is a method for intelligently detecting Trojan horses according to the behavior characteristics of Trojan horses reflected in network traffic data. It is especially effective at discovering new, unknown Trojan horses, and has high detection efficiency and low false positive and false negative rates.

Background technique

[0002] Behavioral feature-based Trojan horse detection technology is a powerful improvement on the traditional Trojan horse detection technology based on feature codes, and has become an important research topic in the field of network security.

[0003] The computer network is like a double-edged sword. In recent years, it has brought infinite convenience to people's lives. However, driven by economic interests, the number of Trojan horses has increased sharply, causing huge losses to computer users and companies. In 2011, CNCERT found that nearly 8.9 million domestic IP host addresses were infected with Troj...


Application Information

IPC IPC(8): H04L29/06
Inventor 王电钢黄昆牛伟纳李建彬张小松陈瑞东
Owner INFORMATION & TELECOMM COMPANY SICHUAN ELECTRIC POWER