HTTP tunnel Trojan horse detection method based on deep learning

A deep-learning detection technology applied to the detection of HTTP tunnel Trojan horses. It addresses the problems of high false positive or false negative rates, lack of versatility, and insufficient use of information, with the effect of a low reporting rate.

Inactive Publication Date: 2019-04-09
ZHENGZHOU UNIVERSITY OF LIGHT INDUSTRY

AI Technical Summary

Problems solved by technology

However, none of the above methods can fully and accurately describe the characteristics of various fields, and the information of the rest

Examples


Embodiment 1

[0032] Embodiment 1: First, capture network traffic packets at the network egress. Then check the captured packets in two ways. First, verify the headers at each layer of every packet, keep the packets that conform to the protocol specification, and set filtering rules that discard everything except HTTP packets. Second, filter out the packets exchanged between hosts inside the internal network, and keep the packets exchanged between internal hosts and the external network. The internal network is the network that the Trojan horse communication detection system monitors. Finally, retain the packets that pass these checks, extract the packet summary information and the transport-layer payload, and store them in the packet queue.

[0033] Take out the data packets in turn from the data packet queue, read the source IP address field, destination IP address field, protocol typ...

Abstract

The invention relates to the technical field of HTTP tunnel Trojan horse detection based on communication flow analysis, and in particular to an HTTP tunnel Trojan horse detection method based on deep learning. The method comprises the following steps: classifying the captured packets by five-tuple to form a TCP session linked list; extracting the payload bytes of each TCP packet in the TCP session linked list and converting the first 1024 bytes into an image that serves as the input of a deep learning model; and training the model and detecting suspected Trojan horses. The method builds a deep learning model that learns from the network traffic generated by HTTP tunnel Trojans and by normal applications. The characteristics of HTTP tunnel Trojan traffic are extracted automatically, which enables effective detection of that traffic in the network, so that HTTP tunnel Trojan traffic hidden in a local area network can be detected in time and the local area network is protected.
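The preprocessing described in Embodiment 1 and in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes packets are already parsed and header-validated, and the internal network range, the port-80 HTTP rule, per-session concatenation of payloads, zero padding and the 32 x 32 image layout are all assumptions chosen for illustration.

```python
import ipaddress
from collections import OrderedDict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed monitored network
HTTP_PORT = 80    # assumed filter rule standing in for "HTTP packets only"
IMG_BYTES = 1024  # from the abstract: first 1024 payload bytes
SIDE = 32         # assumed layout: 32 x 32 = 1024 grayscale pixels

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def keep_packet(p):
    """Embodiment 1 filter: HTTP only, exactly one endpoint internal."""
    if p["proto"] != "TCP" or HTTP_PORT not in (p["sport"], p["dport"]):
        return False
    return is_internal(p["src"]) != is_internal(p["dst"])

def session_key(p):
    """Five-tuple with endpoints sorted so both directions share a key."""
    ends = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
    return (p["proto"], ends[0], ends[1])

def build_sessions(packets):
    """Group kept packets into per-session payload lists, capture order."""
    sessions = OrderedDict()
    for p in packets:
        if keep_packet(p):
            sessions.setdefault(session_key(p), []).append(p["payload"])
    return sessions

def session_image(payloads):
    """First 1024 payload bytes, zero-padded, as SIDE rows of SIDE pixels."""
    data = b"".join(payloads)[:IMG_BYTES].ljust(IMG_BYTES, b"\x00")
    return [list(data[r * SIDE:(r + 1) * SIDE]) for r in range(SIDE)]

def pkt(src, sport, dst, dport, payload, proto="TCP"):
    return dict(src=src, sport=sport, dst=dst, dport=dport,
                payload=payload, proto=proto)

# Constructed sample packets (not from a real capture).
SAMPLE = [
    pkt("10.0.0.5", 40001, "203.0.113.7", 80, b"POST /a HTTP/1.1\r\n\r\n"),
    pkt("203.0.113.7", 80, "10.0.0.5", 40001, b"HTTP/1.1 200 OK\r\n\r\n"),
    pkt("10.0.0.5", 40002, "10.0.0.9", 80, b"GET / HTTP/1.1\r\n\r\n"),  # internal only
    pkt("10.0.0.5", 40003, "203.0.113.7", 443, b"\x16\x03\x01"),      # not HTTP
]

if __name__ == "__main__":
    for key, payloads in build_sessions(SAMPLE).items():
        print(key, session_image(payloads)[0][:8])
```

Each resulting 32 x 32 grid of byte values is what a model of the kind the abstract describes would take as one input sample.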

Description

Technical field

[0001] The invention relates to the technical field of HTTP tunnel Trojan horse detection based on communication flow analysis, in particular to a deep learning-based HTTP tunnel Trojan horse detection method.

Background technique

[0002] With the popularization of the Internet in various fields of human society, the Internet has become a medium for transmitting various important information, and network leakage incidents occur from time to time, and attackers usually use Trojan horses to steal sensitive information. At the same time, Trojan programs use various methods to attempt to evade the detection of security software. With the advancement of various intrusion detection technologies, the Trojan anti-detection technology is also constantly developing, especially the use of tunnel technology, which makes the Trojan horse communication highly concealed and more difficult to be detected by traditional intrusion detection systems. Therefore, the detection ...

Application Information

IPC(8): H04L29/06, G06N3/08, G06N3/04
CPC: H04L63/0236, H04L63/0245, H04L63/145, G06N3/08, H04L63/1425, G06N3/045
Inventor: 王文冰, 崔建涛, 杨华, 张志锋, 胡春晖
Owner ZHENGZHOU UNIVERSITY OF LIGHT INDUSTRY