Method and system for obtaining IP address of trojan horse control terminal based on self-learning mode

A technique for identifying the IP address of a Trojan horse control terminal, applied in the field of network security. It addresses problems such as heavy workload, heavy dependence on existing data, and incomplete data, improving discovery capability and preventing Trojan horses from escaping detection.

Active Publication Date: 2019-01-25
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0008] However, Option 1 is highly dependent on existing data, and that data is outdated and incomplete, so the accuracy of Option 1 cannot be guaranteed; because it relies on manual labor, it is also poorly automated.
Option 2 requires manual analysis of logs, which is a heavy and error-prone workload. Different scenarios also require different packet capture systems to be built, and the work cannot be reused, so the IP address of the Trojan horse control terminal cannot be found quickly and accurately.


Examples


Embodiment Construction

[0032] The present invention is described in further detail below with reference to the accompanying drawing and a specific embodiment:

[0033] The method shown in Figure 1 obtains the IP address of the Trojan horse control terminal in a self-learning manner. By continuously monitoring malicious Trojan horse behavior in the network traffic, it continuously improves its malicious Trojan horse detection capability through self-learning and accurately identifies the IP address of the malicious Trojan horse control terminal.

[0034] The method for obtaining the IP address of the Trojan horse control terminal based on the self-learning method specifically includes the following steps:

[0035] Step (1): The network traffic analysis system analyzes the mirrored network traffic:

[0036] Identify the network traffic protocol of the network traffic, extract the files transmitted in the network traffic, and discard the network traffic that does not...


Abstract

The invention relates to network security and aims to provide a method and a system for obtaining the IP address of a Trojan horse control terminal in a self-learning manner. The method and system are realized through the following steps: extracting the files transmitted in the network traffic and analyzing them; extracting the IP address of the malicious Trojan horse control terminal and marking suspicious IP addresses; continuously monitoring the network traffic of the protected host and the transmitted files, and marking malicious target IP addresses. The malicious target IP addresses and the malicious Trojan horse control IP addresses together are the Trojan horse control terminal IP addresses. The invention uses network traffic analysis and continuous monitoring, analyzes Trojan horse behavior with sandbox technology, and uses self-learning to continuously improve the ability to detect Trojan horse control terminal IP addresses, thereby automatically identifying and extracting the IP address of the Trojan horse control terminal server.
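The loop the abstract describes can be sketched as a fixed-point pass over flow records and sandbox verdicts. This is an added example, not code from the patent: the record layouts, the rule that a flagged IP contacted by a protected host becomes a "malicious target", and every name and address below are assumptions made for illustration.

```python
# Added illustration; all data is constructed (RFC 5737 / RFC 1918 addresses).
# SANDBOX: file id -> (judged malicious?, IPs the sample contacted in the sandbox)
SANDBOX = {
    "f1": (True, {"203.0.113.10"}),
    "f2": (False, set()),
    "f3": (True, {"203.0.113.77"}),
}
# FLOWS: (protected host, remote IP, id of the file carried in the flow or None)
FLOWS = [
    ("10.0.0.9", "203.0.113.77", None),   # seen before .77 is known to be bad
    ("10.0.0.5", "198.51.100.20", "f1"),  # malicious file delivered by .20
    ("10.0.0.6", "198.51.100.30", "f2"),  # benign download
    ("10.0.0.5", "203.0.113.10", "f3"),   # learned control IP serves another sample
    ("10.0.0.8", "192.0.2.99", None),     # unrelated traffic
]


def learn_control_ips(flows, sandbox):
    """Return (control_from_sandbox, suspicious, malicious_targets, final_set)."""
    control, suspicious, targets = set(), set(), set()
    changed = True
    while changed:  # repeat until a pass over the traffic learns nothing new
        before = (len(control), len(suspicious), len(targets))
        for _host, remote, file_id in flows:
            malicious, contacted = sandbox.get(file_id, (False, set()))
            if malicious:
                control |= contacted     # control IPs extracted from the sample
                suspicious.add(remote)   # the IP that transmitted the sample
            # Monitoring step: a protected host talks to an already-flagged IP.
            if remote in control or remote in suspicious:
                targets.add(remote)
        changed = before != (len(control), len(suspicious), len(targets))
    # Assumed reading of the abstract: the result is the union of both sets.
    return control, suspicious, targets, control | targets


if __name__ == "__main__":
    for name, ips in zip(("control", "suspicious", "targets", "final"),
                         learn_control_ips(FLOWS, SANDBOX)):
        print(f"{name:10s} {sorted(ips)}")
```

The first flow is only flagged on the second pass, after `f3` has revealed `203.0.113.77`; that re-evaluation of earlier traffic against newly learned addresses is the self-learning part of the sketch.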

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method and a system for obtaining the IP address of a Trojan horse control terminal in a self-learning manner.

Background technique

[0002] In network attack and defense incidents, quickly confirming the IP address of the Trojan horse control server is an important way to quickly confirm the source of the attack and capture illegal hackers.

[0003] A complete Trojan horse system consists of two parts, the Trojan horse control end and the Trojan horse host end:

[0004] 1) Trojan horse control terminal. It consists of server hardware and control software. The control terminal is responsible for issuing instructions to, and collecting data from, all Trojan horses that have sneaked into host machines.

[0005] 2) Trojan host end. The Trojan horse program sneaks into the host computer and obtains its operating authority, and actively or passively communicates with the c...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425, H04L63/145, H04L2463/146
Inventor 王辉范渊黄进
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD