Trojan horse detection method based on communication behavior clustering

A detection method based on clustering technology, applied in the field of information security, which addresses the problems of improper selection of the feature clustering algorithm, unsatisfactory detection effect, and inability to detect TCP sessions in real time.

Inactive Publication Date: 2014-11-26
STATE GRID CORP OF CHINA +2
AI Technical Summary

Problems solved by technology

[0014] To sum up, Trojan horse detection based on communication behavior is the best method among existing technologies, but at this stage, because the ability to extract TCP session features is weak and the feature clustering algorithm is chosen improperly, this method cannot perform real-time detection on TCP session features, and its detection effect is not ideal.

Embodiment Construction

[0034] The present invention will be further described below in conjunction with the accompanying drawings.

[0035] The process of the embodiment is organized step by step according to Figure 1 and divided into several modules, as shown in Figure 2. The embodiment includes a TCP session reassembly module, an abnormal feature extraction module, a communication behavior feature vector generation module, a Gaussian normalization module, an LSH-based real-time incremental clustering module and a TCP session discrimination module.

[0036] Among them, the TCP session reassembly module captures network traffic packets and reassembles them into TCP sessions, so that TCP session information can be obtained in the subsequent steps; the abnormal feature extraction module performs statistical analysis on the data flow of each TCP session according to the characteristics of Trojan horse communication behavior; the communication behavior featu...


Abstract

The invention discloses a Trojan horse detection method based on communication behavior clustering, and belongs to the field of information security. In order to resolve the problems of the existing Trojan horse detection technology, such as low feature extraction capability and improper selection of the clustering algorithm, this unknown-Trojan detection method offers strong feature extraction, a suitable clustering algorithm, and high detection efficiency and accuracy. According to the technical scheme, the method comprises the steps of capturing network traffic packets, reassembling TCP sessions, extracting Trojan horse reverse-connection features, entropy features, heartbeat features and the like, building a feature vector for each TCP session, and clustering the feature vectors in real time with an LSH-based real-time incremental clustering algorithm. Based on the difference between the communication behavior features of Trojan horse sessions and those of normal network communication, the method marks that difference by combining statistical analysis with time series analysis, guarantees high detection accuracy and a zero false alarm rate, lowers the false alarm rate, and can effectively detect the abnormal communication behavior of a Trojan horse in real time.
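The pipeline named in the embodiment and the abstract (feature extraction per TCP session, Gaussian normalization, LSH-based incremental clustering), as an added example that is not the patent's own code. The exact feature formulas, the random-hyperplane LSH family and the sample sessions are assumptions; the patent names the features but does not define them.

```python
import math
import random
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample (not real captures): (initiated by internal host?, payload bytes, packet timestamps in s)
SESSIONS = {
    "s1": (True, bytes(range(256)) * 4, [0, 30, 60, 90, 120, 150]),   # fixed-interval beacons, high-entropy payload
    "s2": (True, bytes(range(256)) * 4, [0, 30, 60, 90, 120, 150]),   # identical twin of s1
    "s3": (False, b"GET / HTTP/1.1\r\nHost: example.test\r\n" * 8, [0, 0.1, 0.3, 2.4, 2.5, 9.0]),  # plaintext, irregular
}

def entropy(payload: bytes) -> float:
    """Shannon entropy of the payload in bits per byte (0 = constant bytes, 8 = uniform)."""
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values()) if n else 0.0

def heartbeat_regularity(ts) -> float:
    """Coefficient of variation of inter-packet gaps; near 0 means periodic, beacon-like timing."""
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return pstdev(gaps) / mean(gaps) if len(gaps) > 1 and mean(gaps) > 0 else 0.0

def feature_vector(session):
    """Assumed feature definitions: reverse-connection flag, payload entropy, heartbeat regularity."""
    internal_init, payload, ts = session
    return [1.0 if internal_init else 0.0, entropy(payload), heartbeat_regularity(ts)]

def gaussian_normalize(vectors):
    """Z-score each column so that no single feature dominates the clustering distance."""
    cols = list(zip(*vectors))
    mus, sds = [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]
    return [[(x - m) / s for x, m, s in zip(v, mus, sds)] for v in vectors]

class RandomHyperplaneLSH:
    """Sign-of-projection LSH (assumed family): nearby vectors share a bucket key with high probability."""
    def __init__(self, dim, n_planes=8, seed=1):
        rng = random.Random(seed)
        self.planes = [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(n_planes)]
        self.buckets = defaultdict(list)
    def key(self, v) -> str:
        return "".join("1" if sum(p * x for p, x in zip(plane, v)) >= 0 else "0" for plane in self.planes)
    def add(self, sid, v) -> str:
        """Incremental insert: hashing a new session never requires re-clustering the old ones."""
        k = self.key(v); self.buckets[k].append(sid)
        return k

def cluster_sessions(sessions):
    """Pipeline: feature vectors -> Gaussian normalization -> LSH bucket key per session id."""
    normalized = gaussian_normalize([feature_vector(s) for s in sessions.values()])
    lsh = RandomHyperplaneLSH(dim=3)
    return {sid: lsh.add(sid, v) for sid, v in zip(sessions, normalized)}
```

A TCP session discrimination step would then inspect buckets that collect beacon-like, high-entropy, internally initiated sessions; which buckets are flagged is a policy decision the patent text above does not specify.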

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a Trojan horse detection method based on communication behavior clustering.

Background technique

[0002] In recent years, the threats to network information security have changed tremendously. Hacker attacks have gradually shifted from traditional individual behavior, driven by pranks and showing off technical skill, to organized, targeted professional conduct of extremely long duration that pursues business or other specific interests. In order to break through traditional network security defenses, an attack method called APT (Advanced Persistent Threat) has developed rapidly and has become the biggest network security threat in recent years. As one of the most important links in APT attacks, Trojan horses have become a key object of network security research and prevention.

[0003] Usually, at the beginning of a new APT at...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26
Inventor 左晓军董立勉陈泽卢宁常杰郗波张君艳侯波涛王春璞刘惠颖
Owner STATE GRID CORP OF CHINA