
An Efficient Remote Control Trojan Horse Detection Method

A detection method and Trojan horse technology, applied in the information field, that solves the problem that remote control Trojan horse detection is not necessarily effective.

Active Publication Date: 2020-09-25
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0006] Shicong Li et al. implemented Trojan horse detection with a clustering algorithm. Their algorithm selected characteristics of the network layer and IP layer and provided a detection method for mixed traffic. However, the features selected by that method are not necessarily effective when applied to the detection of remote control Trojan horses.


Examples


Embodiment Construction

[0032] S1. The remote control Trojan detection method mainly includes the following four modules: a traffic collection module, a behavior feature extraction module, a classifier creation module, and a classifier optimization and evaluation module.

[0033] S2. The traffic collection module is responsible for collecting the data sets required for creating the method and for detection.

[0034] S21. Traffic collection: NetAnalyzer and Wireshark are used to capture the communication traffic of seven computers (two of which are implanted with Trojan horse programs) in a controlled environment. This communication traffic falls into three types: the first is the communication traffic of 24 types of remote control Trojan horse samples collected at home and abroad, the second is the communication traffic of 10 known normal application programs, and the third is mixed network traffic. In the end, a total of 291.17 hours of communication traffic was collected and stored in .pcap file format.

...


Abstract

The invention discloses an efficient remote control Trojan detection method that judges from network behavior characteristics whether a remote control Trojan is present in a network. The method can be applied to actual network traffic detection, and its false alarm rate is close to 0. It comprises four stages. In the first stage, traffic is collected. In the second stage, behavior characteristics are extracted. In the third stage, the method is implemented by combining SMOTE oversampling with XGBoost classification: the SMOTE oversampling algorithm addresses the imbalanced-dataset classification problem at the data layer, while XGBoost, an emerging high-precision classification algorithm from the machine learning field, is applied to Trojan detection for the first time, achieving high accuracy and addressing the imbalanced-dataset classification problem at the algorithm layer. In the fourth stage, the method is optimized and evaluated. The method focuses on discovering regularities by mining mixed network traffic, and it is suitable both for recognizing known Trojans and for detecting unknown remote control Trojans.
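The data-layer step named in the abstract, SMOTE oversampling of the scarce Trojan class, sketched as an added example; this is not code from the patent, and the three per-flow features and all sample values are hypothetical, constructed for illustration. The XGBoost classification step is not shown.

```python
import math
import random

def smote(minority, n_new, k=3, seed=0):
    """Return n_new synthetic samples interpolated between minority neighbours."""
    rng = random.Random(seed)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        # k nearest minority neighbours of the base sample (excluding itself)
        neighbours = sorted(
            (m for m in minority if m is not base),
            key=lambda m: math.dist(base, m),
        )[:k]
        other = rng.choice(neighbours)
        gap = rng.random()  # position along the segment base -> other
        synthetic.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
    return synthetic

def balance(samples, labels, minority_label=1, k=3, seed=0):
    """Oversample the minority class until both classes have equal size."""
    minority = [s for s, y in zip(samples, labels) if y == minority_label]
    majority_n = len(samples) - len(minority)
    new = smote(minority, majority_n - len(minority), k, seed)
    return samples + new, labels + [minority_label] * len(new)

# Constructed per-flow features (hypothetical, not from the patent):
# (upload/download byte ratio, mean packet interval in s, session duration in min)
NORMAL = [(0.10, 0.02, 3.0), (0.15, 0.05, 5.0), (0.08, 0.01, 1.5), (0.20, 0.03, 8.0),
          (0.12, 0.04, 2.0), (0.05, 0.02, 4.0), (0.18, 0.06, 6.0), (0.09, 0.03, 2.5)]
TROJAN = [(2.5, 1.0, 120.0), (3.0, 1.5, 90.0), (2.0, 0.8, 150.0)]

X = NORMAL + TROJAN
y = [0] * len(NORMAL) + [1] * len(TROJAN)
X_bal, y_bal = balance(X, y, k=2)

if __name__ == "__main__":
    print("before:", y.count(0), "normal /", y.count(1), "trojan")
    print("after: ", y_bal.count(0), "normal /", y_bal.count(1), "trojan")
```

Oversampling belongs on the training split only; a test set containing synthetic Trojan flows overstates the detection rate.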

Description

Technical field

[0001] The invention belongs to the field of information technology, and in particular relates to an efficient remote control Trojan horse detection method. Accurate detection of known remote control Trojans in mixed traffic, as well as identification of unknown remote control Trojans, is of great significance for maintaining network security and reducing losses of the country, enterprises and individuals.

Background technique

[0002] In recent years, remote control Trojan horses have been continuously used by attackers for remote control and information theft, which has posed a serious threat to network security and caused serious impact and huge losses to the country, enterprises and individuals. The remote control Trojan horse consists of two parts: the control end (client) and the controlled end (server). Usually, attackers use spear phishing and social engineering attacks to find machines that can be infected, and then use standard TCP/IP or UDP protoc...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/145
Inventor: 姜伟, 吴贤达, 庄俊玺, 潘邵芹, 田原
Owner: BEIJING UNIV OF TECH