
System and method for detection of Trojan horse return link based on six-dimensional spatial traffic analysis model

Traffic analysis and six-dimensional space technology, applied in the field of information security, that addresses problems such as the inability to achieve security protection.

Active Publication Date: 2020-04-24
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

For this type of sample, feature detection based on the traditional seven-tuple model cannot achieve security protection.


Embodiment Construction

[0037] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention clearer and easier to understand, the technical solutions of the present invention are described in further detail below with reference to the accompanying drawings.

[0038] The present invention provides an embodiment of a six-dimensional spatial flow analysis model generation system, as shown in figure 1, including:

[0039] Dimension establishment module 101, used to establish the basic element dimension composed of source IP, source port, destination IP, destination port and protocol number; establish the time dimension composed of the start time and end time of each session; establish the change dimension composed of slope and transmission speed; establish the information dimension composed of fixed keywords, floating keywords, key loa...


Abstract

The invention provides a system and method for detecting Trojan horse return links based on a six-dimensional spatial flow analysis model. Flow data are expanded, and data organized into a six-dimensional space of 23 tuples are used to observe Trojan horse return-link traffic that uses a DGA algorithm, yielding a more efficient and more accurate detection method. The system and method use modeling and statistical detection rather than traditional fixed-feature identification; maintaining a huge feature library is no longer necessary, and Trojan horse return-link traffic that uses a DGA algorithm can be detected efficiently and accurately. Flow characteristics are distributed across the 23 tuples, each partial characteristic of the flow is represented through the six-dimensional space model, and the model enables a more comprehensive analysis of the flow to be carried out efficiently. Furthermore, the system and method can trace malicious behaviors.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a system and method for detecting Trojan horse return links based on a six-dimensional spatial flow analysis model.

Background technique

[0002] Most early Trojan horse connection traffic detection technologies were based on fixed features, mainly because many early Trojan horse connection addresses were hard-coded, encrypted or unencrypted, in the malicious samples. Therefore, by analyzing a sample, extracting its callback address and adding it to the feature database, the callback behavior of an infected terminal can be detected, so that the infected terminal can be accurately located and security protection realized.

[0003] To evade this type of security detection, attackers created the DGA algorithm. DGA (Domain Generation Algorithm), also known as the domain name generation algorithm, is often used in botnets. Malicious code uses a pri...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26
CPC: H04L43/16, H04L63/1441, H04L63/145
Inventor: 李波, 肖天炜, 侯文伶
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD