Unlock instant, AI-driven research and patent intelligence for your innovation.

Detection method and system for full-network Trojan control terminal

A detection method and control terminal technology, applied in the field of information security, can solve problems such as low user experience and inability to meet the discovery needs of remote control Trojan control terminal distribution, so as to alleviate the discovery needs and improve the user experience.

Inactive Publication Date: 2018-11-13
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] In view of this, the object of the present invention is to provide a detection method and system for the Trojan horse control terminal in the whole network, so as to alleviate the existing in the prior art that cannot meet the discovery requirements for the distribution of the remote control Trojan horse control terminal under the network environment, causing users to Technical issues with low experience

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and system for full-network Trojan control terminal
  • Detection method and system for full-network Trojan control terminal
  • Detection method and system for full-network Trojan control terminal

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0067] figure 1 It is a flow chart of a method for detecting a Trojan horse control terminal in the entire network provided by an embodiment of the present invention.

[0068] In the embodiment of the present invention, the method is applied to the detection system capable of simulating the whole network Trojan horse control terminal of the controlled terminal, including the following steps:

[0069] Step S101, receiving the target network segment to be tested input by the user;

[0070] The above-mentioned target network segment to be tested may be the entire network, or any network segment specified by the user.

[0071] Step S102, performing a port scan on all the targets to be detected in the network segment of the target to be tested, so as to determine the suspected detection target according to the scanning result;

[0072] Wherein, the target to be detected is a network device within the network segment of the target to be detected, and the network device includes an...

Embodiment 2

[0096] Such as image 3 As shown, on the basis of Embodiment 1, the embodiment of the present invention provides another detection method of the whole network Trojan control terminal, and the difference from Embodiment 1 is that the method also includes:

[0097] Step S301, pre-configuring the remote control Trojan detection strategy.

[0098] Specifically, the step S301 mainly includes:

[0099] 1. Put the client and server of the existing remote control Trojan horse samples into the virtual machine, and set the IP address of the virtual machine as the online address.

[0100] Specifically, use the virtual machine to receive the client (i.e. the control end) in the known remote control Trojan horse sample and the server (i.e. the controlled end) in the above-mentioned known remote control Trojan horse sample, and transfer the IP address of the above virtual machine The address is set as the online address of the remote control Trojan; at this time, the server will actively ...

Embodiment 3

[0137] Such as Figure 5 As shown, the embodiment of the present invention provides a detection system for a Trojan horse control terminal in the whole network, including: a receiving module 501 , a scanning module 502 and a detecting module 503 .

[0138] Wherein, the receiving module 501 is used to receive the target network segment to be tested input by the user;

[0139] The scanning module 502 is configured to perform port scanning on all targets to be detected in the target network segment to be detected, so as to determine suspected detection targets according to the scanning results, wherein the target to be detected is a network device in the target network segment to be detected;

[0140] The detection module 503 is configured to detect the above-mentioned suspected detection target by using a pre-configured remote-control Trojan horse detection strategy, so as to determine whether the above-mentioned suspected detection target is a remote-control Trojan horse contro...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a detection method and system for a full-network Trojan control terminal and relates to the technical field of information security. The detection method of the full-network Trojan control terminal comprises the following steps: receiving a target network segment to be detected input by a user; performing port scanning on all to-be-detected targets of the target network segment to be detected, and determining a suspected detection target according to the scan result; using a pre-configured remote control Trojan detection policy to detect the suspected detection target soas to determine whether the suspected detection target is the remote control Trojan control terminal. The detection method and system for the full-network Trojan control terminal in the invention candiscover the remote control Trojan control terminal in a network environment and learn the distribution situation, thereby facilitating improving the user experience and alleviating the technical problem that in the prior art, the discovery requirement for the distribution situation of the remote control Trojan control terminal in the network environment cannot be achieved, resulting in not highuser experience.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a method and system for detecting a Trojan horse control terminal in the entire network. Background technique [0002] Remote control Trojan is a common attack program used by hackers. The distribution awareness discovery of remote control Trojan control terminal is a relatively important work content in the field of information security, and has a very high threat intelligence value. [0003] In the existing methods for obtaining remote control Trojan threat intelligence, most of them perceive the online process of the Trojan through traffic monitoring, for example, through mirroring and monitoring traffic on the enterprise intranet, private network or carrier level, Configure the known remote control Trojan online domain name, IP and other information in advance, and when there is communication with these sensitive hosts in the network traffic, notify the user that...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/145
Inventor 王世晋范渊史光庭郑威
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD