Device and method for detecting Trojan horse remote shell behavior

A detection device and behavior technology, applied in the field of communication, can solve the problems of inability to detect Trojan horse shell behavior and high false alarm rate of new Trojan horse detection, and achieve obvious efficiency advantages, fast detection speed, and reduction of computing pressure.

Active Publication Date: 2017-09-15
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method has a certain ability to detect unknown Trojan horses, but in essence it is still a detection method based on Trojan horse signatures, and the detection false positive rate for new Trojan horses is relatively high
At the same time, this detection method cannot detect the Trojan shell behavior

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Device and method for detecting Trojan horse remote shell behavior
  • Device and method for detecting Trojan horse remote shell behavior

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0042] The key of the present invention is to extract the communication flow characteristics of the secret-stealing type Trojan horse remote shell behavior, then set up a neural network model with these communication characteristics, and use the learning algorithm, with the normal network data flow and the Trojan horse shell behavior communication flow data set. The network model is learned and trained, and the network parameters are adjusted and optimized.

[0043] Remote shell is a common function of most long-term latent / stealing Trojan horses. According to the implementation method of Trojan horse remote shell function and hackers' habit of using remote shell function, we selected the following three characteristics as the basis for traffic detection of Trojan horse shell behavior.

[0044] 1) The size ratio of data inflow packet load to outbound pa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a Trojan horse remote shell behavior detection device and method. The detection device includes a data packet collection device, a data flow screening and filtering device, a data flow characteristic extraction device and a Trojan horse shell behavior characteristic detection device. The detection method is first to obtain real-time network traffic data at the network entrance; then classify the real-time network traffic data to filter out irrelevant protocol data streams; and then extract the load ratio of incoming and outgoing packets and the ratio of the number of incoming and outgoing packets in the response process of each data flow , data flow response interval; finally, the data flow features extracted within a certain time interval are constructed into feature vectors and input to the constructed neural network model; finally, the results are calculated through the neural network model to determine whether there is a Trojan remote shell in the data flow Behavior, and output the results, and feed back the detection results to the data stream filtering, which is suitable for large-scale network environments and can detect known and unknown Trojan horse remote shell behaviors.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a Trojan horse remote shell behavior detection device and method. Background technique [0002] In recent years, the issue of network security has become one of the key issues of concern in various countries. With the exposure of the "Prism" incident, the issue of network privacy and individual users' online security has once again become the focus of public attention. With the continuous development of network attack technology, various new Trojan horse technologies continue to emerge. Although major security vendors are also advancing with the times and continuously launching security products using new technologies, the security problem is still serious. [0003] With the development of the times, the probability of the outbreak of network viruses and Trojan horses in the past is getting smaller and smaller. Cyber ​​attackers have gone underground and developed a comple...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 张小松黄金牛伟纳王俊峰王标何永强
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap