Method, system and storage device for obtaining ip address of Trojan horse control terminal based on self-learning method

Abstract

The invention relates to network security, aiming at providing a method and a system for acquiring IP address of a Trojan horse control terminal based on a self-learning mode. The method and the system for obtaining the IP address of the Trojan horse control terminal based on the self-learning mode are realized through the following steps: extracting the files transmitted in the network traffic and analyzing the files; extracting the IP address of the malicious Trojan horse control terminal and marking suspicious IP; continuously monitoring the network traffic of the protected host and the transmitted files, and marking the malicious target IP address; Malicious target IP address and malicious Trojan horse control IP address are Trojan horse control IP address. The invention utilizes network flow analysis and continuous monitoring to analyze the behavior of the Trojan horse by using sandbox technology, and utilizes self-learning mode to continuously improve the detection capability ofthe Trojan horse control end IP, thereby realizing automatic identification and extraction of the IP address of the Trojan horse control end server.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method and a system for obtaining an IP address of a Trojan horse control terminal based on a self-learning manner. Background technique [0002] In network attack and defense incidents, quickly confirming the IP address of the Trojan horse control server is an important method to quickly confirm the source of the attack and capture illegal hackers. [0003] A complete Trojan horse system consists of two parts: the Trojan horse control end and the Trojan horse host end: [0004] 1) Trojan horse control terminal. It consists of server hardware and control software. The control terminal is responsible for issuing instructions and collecting data to all Trojan horses that have sneaked into the host machine. [0005] 2) Trojan host end. The Trojan horse program will sneak into the host computer and obtain its operating authority. And actively or passively communicate with the c...

AI Technical Summary

Problems solved by technology

[0008] However, Option 1 is highly dependent on the existing data, and the existing data is outdated and incomplete, which leads to the inability to guarantee the accuracy of Option 1; due to the dependence on manual labor, the automation is relatively poor

However, Option 2 requires manual analysis of logs, heavy workload and error-prone. Different scenarios also need to build different packet capture systems, and the work cannot be reused, which leads to the inability to quickly and accurately find the IP of the Trojan horse control terminal.

Images