Trojan horse communication feature fast extraction method based on clustering analysis of multiple data streams

A cluster analysis, multi-data stream technology, applied in text database clustering/classification, special data processing applications, unstructured text data retrieval, etc. The effect of recombination efficiency

Active Publication Date: 2015-01-14
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

The detection method proposed in this study can effectively detect real-time data streams, but it also has certa...


Examples


Embodiment 1

[0059] Embodiment 1: the Trojan horse communication feature extraction method based on multi-data flow clustering analysis is:

[0060] First, organize the captured network data packets by network session. The IP address and port of the monitored object are used as the source IP address and source port, and the data packets are divided into sessions according to the equivalent quadruple (source IP address, source port, destination IP address, destination port). Each session is therefore uniquely identified by its equivalent quadruple, and each session linked list contains the data streams of both directions. The session linked list is used as the data structure for storing sessions because network communication is a dynamic process: the data packets in a session continue to increase as the communication progresses, and the data structure used to save the session will also ch...


Abstract

The invention discloses a method for fast extraction of Trojan horse communication features based on network data stream clustering. The method comprises three steps. First, the captured network data packets are organized by network session: the IP address and port of the monitored object serve as the source IP address and source port, and the packets are divided into sessions according to equivalent quadruples. Second, the data streams are grouped into data stream clusters by a timestamp-based data stream clustering algorithm. Last, the Trojan horse communication features are extracted, at the Trojan horse interactive operation stage. Building on network data stream clustering, the method processes network data streams with the cluster as the unit and analyzes the difference between Trojan horse communication behavior and normal network communication behavior. That difference is examined in depth, and the network communication features are extracted in combination with traditional statistical analysis, correlation analysis and other techniques. The false alarm rate is lowered while the detection rate is maintained, and the method can be used to detect secret-stealing behavior in a network.
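The first two steps, session organization as in paragraph [0060] and the timestamp-based clustering named in the abstract, can be sketched as follows. This is an added example, not code from the patent: the packet tuples and addresses are constructed, a `deque` stands in for the session linked list, and the clustering rule (a session joins the current cluster when it starts within `max_gap` seconds of the previous session) is an assumption, since the page does not give the algorithm's details.

```python
from collections import defaultdict, deque

MONITORED = "10.0.0.5"  # constructed address of the monitored object

# Constructed packets: (timestamp_s, src_ip, src_port, dst_ip, dst_port, length)
PACKETS = [
    (0.00, "10.0.0.5", 49152, "203.0.113.7", 443, 120),
    (0.05, "203.0.113.7", 443, "10.0.0.5", 49152, 900),
    (0.40, "10.0.0.5", 49153, "203.0.113.7", 443, 80),
    (0.45, "203.0.113.7", 443, "10.0.0.5", 49153, 60),
    (30.0, "10.0.0.5", 49160, "198.51.100.9", 80, 300),
    (30.2, "198.51.100.9", 80, "10.0.0.5", 49160, 1400),
    (31.0, "192.0.2.1", 53, "192.0.2.2", 5353, 70),  # not the monitored host
]

def session_key(pkt, monitored=MONITORED):
    """Equivalent quadruple with the monitored host as source, or None."""
    _, sip, sport, dip, dport, _ = pkt
    if sip == monitored:
        return (sip, sport, dip, dport)
    if dip == monitored:
        return (dip, dport, sip, sport)  # reverse direction, same session
    return None

def build_sessions(packets, monitored=MONITORED):
    """Group packets into bidirectional sessions that grow by appending."""
    sessions = defaultdict(deque)
    for pkt in sorted(packets, key=lambda p: p[0]):
        key = session_key(pkt, monitored)
        if key is not None:
            direction = "out" if pkt[1] == monitored else "in"
            sessions[key].append((pkt[0], direction, pkt[5]))
    return dict(sessions)

def cluster_by_start_time(sessions, max_gap=5.0):
    """Assumed rule: start a new cluster when the gap between consecutive
    session start times exceeds max_gap seconds."""
    clusters, last_start = [], None
    for key, pkts in sorted(sessions.items(), key=lambda kv: kv[1][0][0]):
        start = pkts[0][0]
        if last_start is None or start - last_start > max_gap:
            clusters.append([])
        clusters[-1].append(key)
        last_start = start
    return clusters

if __name__ == "__main__":
    for i, cluster in enumerate(cluster_by_start_time(build_sessions(PACKETS))):
        print(i, cluster)
```

Both directions of a connection land in one session because the reverse-direction packet is re-keyed with the monitored host as source; traffic that does not involve the monitored host is dropped before clustering.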

Description

Technical field

[0001] The invention relates to a method for extracting communication features of a Trojan horse, in particular to a method for quickly extracting communication features of a Trojan horse based on cluster analysis of multiple data streams.

Background technique

[0002] In recent years, Trojan horse programs have been used by network hackers to carry out more and more acts of information theft and network destruction, posing a serious threat to the information security of users and networks. The biggest characteristic of the Trojan horse is that its behavior often has strong concealment. After the Trojan horse is successfully implanted into the target computer, the Trojan horse control terminal must communicate with the controlled terminal, so as to issue control instructions to the controlled terminal or control the controlled terminal to return the obtained information to the control terminal. The detection technology based on the analysis of communication ...


Application Information

IPC(8): H04L29/06
CPC: G06F16/35, H04L63/1416
Inventor: 刘胜利, 王文冰, 武东英
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU