Trojan horse virus detection method based on DNS

A virus detection and DNS tunneling technology, applied in the field of network security, that addresses problems such as underreporting by information entropy and failure to identify sample characteristics.

Pending Publication Date: 2021-01-26
江苏今浪信息技术有限公司

AI Technical Summary

Problems solved by technology

However, the DNS communication fields may have the same format rules. The domain name fields of each request have a large similarity, which leads to a certain underreporting of information entropy, and the current popular virus Trojan horse te


Embodiment Construction

[0033] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0034] See Figures 1-2. A DNS-based Trojan horse virus detection method comprises a data packet collection integration module 1, which internally includes network data collection, data packet filtering, and DNS packet queues. The data packet collection integration module 1 mainly collects data packets from network entrances and exits, and uses the underlying filtering mechanism of WinPcap capture technology to...


Abstract

The invention relates to the technical field of network security and discloses a DNS-based Trojan horse virus detection method. The method comprises a data packet acquisition and integration module, a DNS session recombination module, a random forest classification training module, a DNS tunnel Trojan horse traffic monitoring module and a user management interface. The DNS-based Trojan horse virus detection method comprises the following steps: first sample information is acquired, comprising the domain name information of the DNS and the traffic behaviors of the DNS; feature values of the first sample information are extracted; a weighted summation is performed on the feature values to obtain a score value; and a DNS suspicious model is established according to the score value. The DNS suspicious model can then be used for subsequent suspicious judgment on DNS information. Because the feature values are recognized in multiple dimensions, problems such as the false reports generated by a conventional algorithm are reduced, and the accuracy of DNS information detection and identification is improved.
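The steps in the abstract (extract feature values from domain-name information and traffic behaviour, then take a weighted sum to get a score) can be sketched as follows. This is an added example, not code from the patent: the four features, the weights, the threshold, the two-label parent-domain split and the sample traffic are all assumptions chosen for illustration. The constructed tunnel traffic uses fixed-format, highly similar names, so its entropy feature stays low while the behavioural features raise the score.

```python
import math
from collections import Counter, defaultdict

# Assumed weights and threshold; the abstract does not give values.
WEIGHTS = {"entropy": 0.2, "length": 0.2, "unique_ratio": 0.3, "volume": 0.3}
THRESHOLD = 0.6

def shannon_entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname, base_labels=2):
    """Split a query name into (subdomain, parent domain); 2-label parent is an assumption."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def extract_features(queries):
    """Group queries by parent domain and return features normalised to [0, 1]."""
    groups = defaultdict(list)
    for q in queries:
        sub, base = split_name(q)
        groups[base].append(sub)
    feats = {}
    for base, subs in groups.items():
        feats[base] = {
            # Domain-name features: mean subdomain entropy and length
            "entropy": min(sum(map(shannon_entropy, subs)) / len(subs) / 5.0, 1.0),
            "length": min(sum(map(len, subs)) / len(subs) / 63.0, 1.0),
            # Traffic-behaviour features: share of distinct names, query volume
            "unique_ratio": len(set(subs)) / len(subs),
            "volume": min(len(subs) / 50.0, 1.0),
        }
    return feats

def score(features):
    """Weighted sum of the feature values."""
    return sum(WEIGHTS[k] * features[k] for k in WEIGHTS)

def classify(queries):
    """Return {parent domain: (score, flagged)} for a window of query names."""
    return {b: (round(score(f), 3), score(f) >= THRESHOLD)
            for b, f in extract_features(queries).items()}

# Constructed sample traffic (reserved .example names, not real observations)
TUNNEL = [f"id{i:03d}-{'ab' * 12}.tunnel.example" for i in range(40)]
BENIGN = [f"{h}.shop.example" for h in ("www", "mail", "api", "cdn")] * 10

if __name__ == "__main__":
    for base, (s, flagged) in classify(TUNNEL + BENIGN).items():
        print(f"{base:16} score={s:.3f} suspicious={flagged}")
```
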

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a DNS-based Trojan horse virus detection method.

Background technique

[0002] As network technology is continuously updated and upgraded, the harmfulness and aggressiveness of Trojan horse viruses are also continuously increasing. A Trojan horse virus is a piece of malicious code with special functions hidden in a normal program. It is an executable program through which a hacker controls a computer remotely: the control program is planted in the controlled computer system, cooperates with the outside, and waits for an opportunity to steal passwords and important files from the computer infected with the Trojan horse virus. It can also carry out illegal operations such as monitoring the controlled computer and modifying its data.

[0003] At present, in order to deal with the Trojan horse virus problem, a variety of covert communication methods have been developed. For ex...


Application Information

IPC(8): H04L29/06, H04L29/12, G06F21/56, G06K9/62, G06N20/00
CPC: H04L63/1408, H04L63/145, H04L63/0236, H04L63/029, G06F21/566, G06F21/568, G06N20/00, H04L61/4511, G06F18/24323
Inventor: 徐海勇
Owner: 江苏今浪信息技术有限公司