Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Device and method for detecting trojan remote shell behavior

A detection device and detection method technology, applied in the field of communication, can solve the problems of high false alarm rate of new Trojan horse detection, inability to detect Trojan horse shell behavior, etc., achieve obvious efficiency advantages, fast detection speed, and improve detection efficiency

Active Publication Date: 2014-01-22
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF10 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method has a certain ability to detect unknown Trojan horses, but in essence it is still a detection method based on Trojan horse signatures, and the detection false positive rate for new Trojan horses is relatively high
At the same time, this detection method cannot detect the Trojan shell behavior

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Device and method for detecting trojan remote shell behavior
  • Device and method for detecting trojan remote shell behavior

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0042] The key of the present invention is to extract the communication flow characteristics of the secret-stealing type Trojan horse remote shell behavior, then set up a neural network model with these communication characteristics, and use the learning algorithm, with the normal network data flow and the Trojan horse shell behavior communication flow data set. The network model is learned and trained, and the network parameters are adjusted and optimized.

[0043] Remote shell is a common function of most long-term latent / stealing Trojan horses. According to the implementation method of Trojan horse remote shell function and hackers' habit of using remote shell function, we selected the following three characteristics as the basis for traffic detection of Trojan horse shell behavior.

[0044] 1) The size ratio of data inflow packet load t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a device and a method for detecting a trojan remote shell behavior. The device comprises a packet acquiring device, a data stream selecting and filtering device, a data stream character extracting device and a trojan shell behavior character detecting device. The detecting method comprises the following steps of firstly acquiring real-time network flow data of an internet access; then classifying data stream of the real-time network flow data, and filtering irrelevant protocol data stream; extracting an inlet and outlet packet load ratio, an inlet and outlet packet number ratio and a data stream answering interval in an answering and response process in each data stream; forming data stream characters extracted within certain time interval into a character vector, and inputting the character vector into a formed neural network model; finally calculating a result through the neural network model, judging whether the trojan remote shell behavior exists in the data stream or not, outputting the result, and feeding the detection result back to the data stream selecting and filtering device. The device and the method are applied to a large-scale network environment and can detect known and unknown trojan remote shell behaviors.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a Trojan horse remote shell behavior detection device and method. Background technique [0002] In recent years, the issue of network security has become one of the key issues of concern in various countries. With the exposure of the "Prism" incident, the issue of network privacy and individual users' online security has once again become the focus of public attention. With the continuous development of network attack technology, various new Trojan horse technologies continue to emerge. Although major security vendors are also advancing with the times and continuously launching security products using new technologies, the security problem is still serious. [0003] With the development of the times, the probability of the outbreak of network viruses and Trojan horses in the past is getting smaller and smaller. Cyber ​​attackers have gone underground and developed a compl...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 张小松黄金牛伟纳陈瑞东王东罗荣森孙恩博
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products