Trojan virus analysis technique based on network conversation

A Trojan virus analysis technology based on network conversations, applied in the field of computer applications, which addresses the inability of existing detection to find unknown malicious code.

Active Publication Date: 2015-05-27
赖洪昌

AI Technical Summary

Problems solved by technology

Traditional signature detection technology is very fast and effective for detecting known malicious code, but it is powerless against unknown malicious code.


Embodiment

[0031] For a better understanding of the technical solution of the present invention, the specific implementation is described in further detail below with reference to the accompanying drawings:

[0032] (1) Behavioral characteristics of a Trojan horse virus (as shown in Figure 1)

[0033] Because a host infected with a Trojan horse needs to receive control commands from the Trojan horse's creator, the infected host periodically sends reverse connection requests to the control terminal. The control terminal is not always online, so these regular reverse connections produce abnormal network connections, and by analyzing the abnormal connection traffic the Trojan horse host can be located. Once the Trojan horse host is connected to the controller host, the controller can further infiltrate other hosts or perform other actions through the Trojan horse;

[0034] (2) Packet decoding——(such as fig...

Abstract

The invention relates to a Trojan virus analysis technique based on network conversation. The technique comprises the following operating steps: (1) obtaining network data packets through a low-level packet capture technique; (2) decoding the network data packets and reassembling IP fragments; (3) reassembling TCP data streams; (4) tracking TCP conversation status, marking each conversation as semi-connected, connected, closed, or deleted according to whether the connection has been completed; (5) when a received data packet is a request to disconnect the conversation, checking whether the current conversation status is connected; if the current conversation status is semi-connected, the source's host address is possibly a nonexistent host, so the host is recorded as an abnormal-behavior host at that moment and counted; (6) when the stored count for an abnormal host within one minute is greater than 30, determining that the host is infected with a Trojan virus.
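Steps (4) to (6) of the abstract can be sketched as a small state tracker; this is an added example, not the patent's implementation. It assumes packets have already been captured and decoded (steps 1 to 3), treats "one minute" as a sliding 60-second window, attributes each abnormal teardown to the host that sent the SYN, and uses constructed addresses and traffic.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # "one minute" in the abstract (sliding window is an assumption)
THRESHOLD = 30        # flag when the count is greater than 30

def detect_suspect_hosts(packets):
    """packets: time-ordered (ts, src, sport, dst, dport, flags) tuples, already
    decoded; flags is a set such as {"SYN", "ACK"}. Returns flagged initiators."""
    sessions = {}                   # 4-tuple -> [state, initiator]
    abnormal = defaultdict(deque)   # initiator -> times of half-open teardowns
    flagged = set()
    for ts, src, sport, dst, dport, flags in packets:
        key = tuple(sorted([(src, sport), (dst, dport)]))
        sess = sessions.get(key)
        if flags == {"SYN"}:
            sessions[key] = ["half-open", src]        # semi-connection status
        elif sess is None:
            continue                                  # not a tracked session
        elif flags & {"RST", "FIN"}:
            state, initiator = sessions.pop(key)      # closed, then deleted
            if state != "connected":                  # torn down before handshake completed
                times = abnormal[initiator]
                times.append(ts)
                while ts - times[0] >= WINDOW_SECONDS:
                    times.popleft()                   # drop events older than the window
                if len(times) > THRESHOLD:
                    flagged.add(initiator)
        elif flags == {"SYN", "ACK"} and src != sess[1]:
            sess[0] = "synack-seen"                   # still semi-connected
        elif flags == {"ACK"} and src == sess[1] and sess[0] == "synack-seen":
            sess[0] = "connected"
    return flagged

def sample_packets():
    """Constructed traffic (not from the patent) for three internal hosts."""
    pkts, c2, web = [], "203.0.113.9", "198.51.100.20"
    for i in range(31):   # 10.0.0.5: 31 refused connection attempts in about 31 s
        pkts += [(i, "10.0.0.5", 40000 + i, c2, 443, {"SYN"}),
                 (i + 0.1, c2, 443, "10.0.0.5", 40000 + i, {"RST", "ACK"})]
    for i in range(40):   # 10.0.0.7: 40 sessions that complete the handshake
        p = 50000 + i
        pkts += [(i, "10.0.0.7", p, web, 80, {"SYN"}),
                 (i + 0.1, web, 80, "10.0.0.7", p, {"SYN", "ACK"}),
                 (i + 0.2, "10.0.0.7", p, web, 80, {"ACK"}),
                 (i + 0.5, "10.0.0.7", p, web, 80, {"FIN", "ACK"})]
    for i in range(31):   # 10.0.0.9: 31 refused attempts, but one every 20 s
        pkts += [(20 * i, "10.0.0.9", 60000 + i, c2, 443, {"SYN"}),
                 (20 * i + 0.1, c2, 443, "10.0.0.9", 60000 + i, {"RST", "ACK"})]
    return sorted(pkts, key=lambda p: p[0])

if __name__ == "__main__":
    print(detect_suspect_hosts(sample_packets()))
```

Only the host with more than 30 half-open teardowns inside one window is flagged; the host with normal sessions and the host whose failures are spread out are not.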

Description

Technical field

[0001] The invention relates to a Trojan horse virus analysis technology based on network sessions, and belongs to the technical field of computer applications.

Background technique

[0002] With the development and popularization of Internet technology, computer networks have been widely used. It has become the trend of the times to use a wide and open network environment for global communication. People's daily economic and social life is increasingly dependent on the Internet. However, while network technology has brought great convenience to people, it has also brought various security threats, such as hacker attacks, computer viruses, and Trojan horse flooding. It is very important to study how to ensure your own information security in the current open network environment.

[0003] A Trojan horse is a program that performs unintended or unauthorized functions, such as recording passwords typed by a user, transferring files remotely, or even taking comp...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/145, H04L65/1076, H04L65/1083, H04L65/60
Inventor: 赖洪昌
Owner: 赖洪昌