
A Trojan Horse Detection Method Based on Extended Attack Tree Model

A detection method and attack tree technology, applied in the field of network security, that addresses problems such as insufficient feature expression, high false negative and false positive rates, and unreasonable weight settings for attack tree nodes, with the effect of reducing the false negative and false positive rates and achieving high detection accuracy.

Active Publication Date: 2022-02-11
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0005] To address problems in the prior art such as insufficient feature expression, high false negative and false positive rates, and unreasonable setting of attack tree node weights, the present invention proposes a Trojan horse detection method based on an extended attack tree model.



Embodiment Construction

[0028] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention.

[0029] Implementation idea of the present invention: the invention introduces attack tree theory into Trojan horse detection. It first obtains the operation code (OPCode) sequence through static detection and the API call sequence through dynamic detection, then performs data mining on these two sequences. The extracted feature sequences are used to build an extended attack tree model, and finally ensemble learning is performed by building multiple attack tree models.

[0030] The extended attack tree described in this embodiment is defined as {V, E, Attribute}, where V represents the non-empty set of nodes of the attack tree, including internal nodes and leaf nodes, and the leaf node types are divided into AND (AND) nod...



Abstract

To address problems in the prior art such as insufficient feature expression, high false negative and false positive rates, and unreasonable setting of attack tree node weights, the invention proposes a Trojan horse detection method based on an extended attack tree model. The method comprises: performing static feature analysis on the Trojan horse program to obtain an OPCode sequence, and extracting Trojan horse characteristic OPCode short sequences from the OPCode sequence; performing dynamic feature analysis on the Trojan horse program to obtain an API call sequence, and extracting Trojan horse characteristic API short sequences from the API call sequence; constructing the original extended attack tree from the OPCode short sequences and API short sequences, and initializing the weight parameters of its nodes to form the first attack tree base learner; and dynamically updating the weight parameters to obtain several attack tree base learners, constructing a strong learner through ensemble learning, and performing Trojan horse detection.
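The tree-construction step in the abstract can be sketched as follows. This is an added example, not code from the patent: it scores one sample against a single weighted AND/OR tree whose leaves are OPCode and API short sequences, and does not cover the weight-update or ensemble steps. The n-gram length of 3, the min/max semantics for AND/OR, the meaning of the weights, the threshold and all traces are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

def short_sequences(seq, n):
    """All contiguous length-n subsequences (n-grams) of a trace."""
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}

@dataclass
class Node:
    kind: str                      # "LEAF", "AND" or "OR"
    weight: float = 1.0            # assumed meaning: confidence in this node
    source: str = ""               # LEAF only: "opcode" or "api"
    pattern: tuple = ()            # LEAF only: short sequence to look for
    children: list = field(default_factory=list)

def leaf(source, pattern, weight):
    return Node("LEAF", weight, source, tuple(pattern))

def evaluate(node, observed):
    """Score in [0, 1]; observed maps source -> set of short sequences."""
    if node.kind == "LEAF":
        hit = node.pattern in observed.get(node.source, set())
        return node.weight if hit else 0.0
    scores = [evaluate(c, observed) for c in node.children]
    # Assumed semantics: AND needs every child (min), OR takes the best (max).
    combined = min(scores) if node.kind == "AND" else max(scores)
    return node.weight * combined

# Constructed tree: a static and a dynamic feature must co-occur (AND),
# or a weaker registry-write pattern may match on its own (OR branch).
TREE = Node("OR", 1.0, children=[
    Node("AND", 0.9, children=[
        leaf("opcode", ["xor", "inc", "cmp"], 0.8),
        leaf("api", ["socket", "connect", "recv"], 1.0),
    ]),
    leaf("api", ["RegOpenKeyExA", "RegSetValueExA", "RegCloseKey"], 0.5),
])

def detect(opcodes, api_calls, n=3, threshold=0.6):
    """Return (score, flagged) for one sample's static and dynamic traces."""
    observed = {"opcode": short_sequences(opcodes, n),
                "api": short_sequences(api_calls, n)}
    score = evaluate(TREE, observed)
    return score, score >= threshold

# Constructed sample traces (not taken from real programs).
SAMPLE_A = (["push", "mov", "xor", "inc", "cmp", "jne", "call"],
            ["socket", "connect", "recv", "closesocket"])
SAMPLE_B = (["push", "mov", "call", "ret"],
            ["RegOpenKeyExA", "RegSetValueExA", "RegCloseKey"])
```

Sample B matches only the low-weight registry leaf and stays under the threshold, which is the kind of outcome that node weights control and that a poorly chosen weight would turn into a false positive.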

Description

Technical field

[0001] The invention relates to a Trojan horse detection method based on an extended attack tree model, which belongs to the field of network security.

Background technique

[0002] Currently, Trojan detection technology mainly includes behavior analysis technology, virtual machine technology, feature code scanning technology and real-time monitoring technology. Behavior analysis technology refers to obtaining the behavior characteristics of a malicious Trojan horse program by analyzing it, or by monitoring its behavior while the program executes, and judging whether it is a malicious program according to how suspicious those characteristics are. Virtual machine technology refers to constructing a completely isolated, virtual operating environment, allowing malicious Trojan horse programs to run in this virtual environment, recording their operating characteristics, and finally judging whether it is a Trojan horse according to its...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, H04L9/40
CPC: G06F21/562, G06F21/566, H04L63/1416, H04L63/145
Inventor 张继梁杰王勇王晏楚刘振岩谭守东
Owner BEIJING INSTITUTE OF TECHNOLOGY