Self-adaptive trojan communication behavior detection method on basis of dynamic feedback

A dynamic-feedback detection method, applied in electrical components, transmission systems, etc. It addresses the problems that existing detection may fail against highly concealed Trojan horses, has a short analysis time, and lacks self-adaptive ability. It achieves a self-adaptive mechanism, with the effects of removing redundancy and helping to reduce false alarm information.

Active Publication Date: 2014-01-22
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

The detection method proposed in this study can effectively detect real-time data streams, but it also has shortcomings: it has no self-adaptive ability, and its analysis time is short, so it may fail against highly concealed Trojan horses.

Examples


Embodiment 1

[0041] Embodiment 1: An adaptive Trojan horse communication behavior detection method based on dynamic feedback. First, the detection alarm information is given a standardized description and stored in the original alarm table of the database. Using the convenience of the database, the alarm information is then merged and correlated, and the processed alarm information is stored. On this basis, associated alarm information of different types is established as attack track events and stored in the attack event table. Processing the alarm information in this way effectively removes redundancy and helps reduce false alarm information. The logical structure diagram of the alarm information fusion processing is shown in Figure 1.
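A minimal sketch of the alarm fusion pipeline described in [0041], added here as an illustration and not taken from the patent. The table names, alarm fields, sample alarms, the 60-second merge window and the rule that two different alarm types on one source/target pair form an attack track event are all assumptions of this example.

```python
import sqlite3

# Constructed sample alarms, already in a standardized form:
# (timestamp_seconds, source_ip, target_ip, alarm_type). All values are made up.
SAMPLE_ALARMS = [
    (100, "10.0.0.5", "203.0.113.9", "heartbeat"),
    (110, "10.0.0.5", "203.0.113.9", "heartbeat"),     # repeat inside the window
    (130, "10.0.0.5", "203.0.113.9", "heartbeat"),
    (400, "10.0.0.5", "203.0.113.9", "heartbeat"),     # new burst, gap > window
    (420, "10.0.0.5", "203.0.113.9", "upload_ratio"),  # second alarm type, same pair
    (500, "10.0.0.7", "198.51.100.4", "heartbeat"),    # isolated single-type alarm
]

def fuse_alarms(alarms, window=60):
    """Store raw alarms, merge repeats, correlate types into attack track events."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE raw_alarm(ts INTEGER, src TEXT, dst TEXT, type TEXT);
        CREATE TABLE merged_alarm(first_ts INTEGER, last_ts INTEGER,
                                  src TEXT, dst TEXT, type TEXT, hits INTEGER);
        CREATE TABLE attack_event(src TEXT, dst TEXT, types TEXT,
                                  first_ts INTEGER, last_ts INTEGER);
    """)
    db.executemany("INSERT INTO raw_alarm VALUES (?,?,?,?)", alarms)
    # Merge (assumed rule): same src/dst/type within `window` seconds of the
    # previous alarm extends the open merged row instead of creating a new one.
    open_rows = {}  # (src, dst, type) -> (rowid, last_ts)
    raw = db.execute("SELECT ts, src, dst, type FROM raw_alarm ORDER BY ts").fetchall()
    for ts, src, dst, typ in raw:
        prev = open_rows.get((src, dst, typ))
        if prev is not None and ts - prev[1] <= window:
            db.execute("UPDATE merged_alarm SET last_ts=?, hits=hits+1 WHERE rowid=?",
                       (ts, prev[0]))
            rowid = prev[0]
        else:
            rowid = db.execute("INSERT INTO merged_alarm VALUES (?,?,?,?,?,1)",
                               (ts, ts, src, dst, typ)).lastrowid
        open_rows[(src, dst, typ)] = (rowid, ts)
    # Correlate (assumed rule): a src/dst pair that raised at least two different
    # alarm types becomes one attack track event.
    db.execute("""
        INSERT INTO attack_event
        SELECT src, dst, group_concat(DISTINCT type), MIN(first_ts), MAX(last_ts)
        FROM merged_alarm GROUP BY src, dst HAVING COUNT(DISTINCT type) >= 2
    """)
    return db

if __name__ == "__main__":
    db = fuse_alarms(SAMPLE_ALARMS)
    for row in db.execute("SELECT * FROM merged_alarm ORDER BY first_ts"):
        print("merged:", row)
    for row in db.execute("SELECT * FROM attack_event"):
        print("event:", row)
```

On the sample data, six raw alarms collapse to four merged alarms, and only the source/target pair that raised both alarm types is promoted to the attack event table.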

[0042] There are the following definitions:

[0043] Definition 1: (F,D V ) is called the Trojan horse communication data flow detection model.

[0044] Definition 2: The feature set F of network communication behavior is represented ...


Abstract

The invention discloses a self-adaptive Trojan communication behavior detection method based on dynamic feedback. The method comprises the steps of processing Trojan detection alarm information, constructing a sample set for dynamic feedback learning from the alarm information, and determining the update timing of detection by detecting concept drift in the data stream. Processing the Trojan detection alarm information comprises the sub-steps of merging and correlating alarm information that has been given a standard description, then establishing intrusion track events and storing them in an intrusion event table. Aimed at the problem of self-adaptation in information-stealing Trojan detection, the invention analyzes the information-stealing Trojan detection alarm information, combines methods such as similarity analysis and clustering analysis, additionally acquires related information about the target IP (Internet Protocol) through driving detection, constructs the sample set for dynamic feedback learning from the alarm information, uses an incremental support vector machine algorithm as the dynamic feedback learning algorithm, and determines the update timing of the detection system by detecting concept drift in the data stream.

Description

Technical field:

[0001] The invention relates to a detection method for Trojan horse communication behavior, in particular to an adaptive detection method for Trojan horse communication behavior based on dynamic feedback.

Background art:

[0002] At present, existing information-stealing Trojan detection technology mainly adopts signature matching. Compared with detection based on signature matching, detection based on communication behavior feature analysis has obvious advantages in accuracy and scalability, is conducive to discovering potential and unknown network stealing behaviors and threats, and has wider application prospects. Existing detection methods for information-stealing Trojan horses based on statistical analysis of network communication data usually establish a static binary classification detection model from collected samples and normal network behavior data, and then use the model to judge and predict actual net...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 刘胜利, 王文冰, 肖达, 杨杰, 张志锋, 高翔, 胥攀, 林伟
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU