
C&C channel detection method and system

A C&C channel detection technology, applied in the field of network security, that addresses problems such as the difficulty of building training data sets, the inability to accurately detect C&C channels, and the inability to directly obtain C&C traffic training data, and achieves the best applicability.

Inactive Publication Date: 2021-01-15
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

However, in real-world detection scenarios, on the one hand, many kinds of malicious programs are in circulation and they may differ in behavior in various respects, so it is difficult to know in advance the category and family of the malicious programs that intend to attack the target, and to prepare C&C channel training data from samples of the corresponding or related families in order to build a targeted behavior detection model; C&C traffic training data
Furthermore, although normal traffic data for a specific detection scenario is easier to obtain than malicious data such as C&C traffic, the changing network environment of the detection scenario and the large number of normal network applications and programs make it difficult to construct a training data set that covers all or most normal network communications.
In short, the existing mainstream behavior-analysis C&C channel detection methods depend too heavily on C&C training data and on normal training data sets related to the detection scenario, and cannot be used directly to detect C&C channels in real, complex and changeable network environments.


Embodiment Construction

[0050] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0051] The current mainstream behavior-analysis C&C channel detection methods rely too much on C&C channel training data and on normal training data related to the detection scenario, and therefore suffer from the major limitation of poor applicability in real, complex and changeable network environments. The present invention proposes a new C&C channel detection method ...


Abstract

The embodiment of the invention provides a C&C channel detection method and system. The method comprises: filtering normal network traffic out of the traffic to be tested using a whitelist method; grouping the traffic to be tested into network activities based on traffic similarity and a preset clustering algorithm; labeling C&C traffic through heuristic rules to obtain a C&C traffic identification result and a first C&C channel set; and obtaining a C&C channel behavior detection model based on transfer learning, inputting the remaining traffic into the C&C channel behavior detection model to obtain a second C&C channel set, and combining the results to obtain the C&C channel detection result. According to the embodiment of the invention, neither C&C training data related to the target to be detected nor normal communication training data for the detection environment needs to be prepared in advance, and the applicability is better.
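The first three stages named in the abstract (whitelist filtering, grouping flows into network activities, heuristic labeling), shown as an added Python example that is not taken from the patent. The flow tuple layout, the allow-list, the greedy size-based grouping and the periodic-beacon rule are all assumptions, since the text here does not specify the clustering algorithm or the heuristic rules; the transfer-learning model is not shown, and `residual` is what would be handed to it.

```python
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_s, src_ip, dst_host, dst_port, bytes_out)
FLOWS = (
    [(t, "10.0.0.5", "updates.example.com", 443, 800) for t in (0, 60, 120, 180)]
    + [(t, "10.0.0.7", "c2.example.net", 443, b)
       for t, b in ((0, 512), (300, 520), (601, 508), (899, 515), (1200, 510))]
    + [(t, "10.0.0.9", "cdn.example.org", 443, b)
       for t, b in ((5, 1000), (40, 1100), (400, 950), (410, 1050), (1500, 1020))]
)
WHITELIST = {"updates.example.com"}  # assumed allow-list of known-good hosts

def filter_whitelisted(flows, whitelist):
    """Stage 1: drop flows whose destination is on the allow-list."""
    return [f for f in flows if f[2] not in whitelist]

def group_activities(flows, size_tol=0.2):
    """Stage 2 (assumed similarity rule): a flow joins an activity when
    src/dst/port match and its size is within size_tol of the activity mean."""
    activities = []
    for f in sorted(flows):
        for act in activities:
            ref = mean(x[4] for x in act)
            if f[1:4] == act[0][1:4] and abs(f[4] - ref) <= size_tol * ref:
                act.append(f)
                break
        else:
            activities.append([f])
    return activities

def looks_like_beacon(activity, min_flows=4, max_cv=0.1):
    """Stage 3 (assumed heuristic): near-constant gaps between flows."""
    if len(activity) < min_flows:
        return False
    ts = [f[0] for f in activity]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_cv

def detect(flows, whitelist):
    """Return (first C&C channel set, residual activities for the model)."""
    labelled, residual = [], []
    for act in group_activities(filter_whitelisted(flows, whitelist)):
        (labelled if looks_like_beacon(act) else residual).append(act)
    first_set = {act[0][1:4] for act in labelled}
    return first_set, residual

if __name__ == "__main__":
    channels, rest = detect(FLOWS, WHITELIST)
    print("heuristically labelled channels:", channels)
    print("activities left for the behavior model:", len(rest))
```
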

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a C&C channel detection method and system.

Background technique

[0002] In the field of network security, the C&C channel (Command & Control Channel) is an essential functional component of advanced network malicious programs such as botnet programs and Trojan horses. After successfully infecting hosts or devices, such network malicious programs need to establish a C&C channel link with the attacker's control server to continuously obtain the latest operation and attack commands, such as updating their own code, stealing and transmitting data, downloading attack code and tools, and forming botnets and coordinating large-scale cyber attacks. At the same time, the network malicious program also continuously feeds back information such as the status of the currently infected host and device, command execution results, etc. through the C&C channel, so that the attacker can...


Application Information

IPC(8): H04L29/06
CPC: H04L63/0227, H04L63/1408, H04L63/145
Inventor: 石志鑫, 殷其雷, 姜建国, 黄伟庆, 李梅梅, 翁腾凡
Owner INST OF INFORMATION ENG CAS