Unlock instant, AI-driven research and patent intelligence for your innovation.

Remote access Trojan intelligent analysis method based on meta-learning

A remote access and intelligent analysis technology, applied in the field of information security, can solve problems such as limited, unable to actively trigger dynamic behavior, unable to generate training data, etc., to achieve the effect of accurate detection

Active Publication Date: 2021-08-06
ZHEJIANG UNIV OF TECH
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] On the terminal host side, Remote Access Trojan (RAT) attack tools are difficult to collect and have limited ability to express malicious behavior
Most of them are in the hands of hackers and attack organizations. In addition, the RAT samples collected by security companies such as Symantec are mostly controlled terminals, which cannot actively trigger dynamic behaviors, and thus cannot generate sufficient dynamic execution training data.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Remote access Trojan intelligent analysis method based on meta-learning
  • Remote access Trojan intelligent analysis method based on meta-learning
  • Remote access Trojan intelligent analysis method based on meta-learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some, not all, embodiments of the application. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0025] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field to which this application belongs. The terms used herein in the description of the application are only for the purpose of describing specific embodiments, and are not intended to limit the application.

[0026] In one embodiment, an intelligent analysis method for remote access Trojan horses based on meta-learning is provided...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a remote access Trojan intelligent analysis method based on meta-learning. The method comprises the following steps: acquiring an application data set; defining a meta-task; performing meta-task training to obtain a behavior sample; performing statistics according to the behavior samples corresponding to the malicious program samples and the legal program samples to obtain behavior vectors of the behavior samples; training the GMMs model by using the behavior vector of each behavior sample, and training to determine a final K value and a clustering center and size; and detecting an online program to be analyzed by utilizing the trained GMMs model. According to the method, an intelligent RAT rogue program analysis and detection model based on a meta-learning algorithm and utilizing a Gaussian mixture model, Euclidean distance and dynamic behavior characteristics is constructed, the process of learning and judging rogue programs by security experts is simulated, program behavior vectors are constructed by utilizing the dynamic behavior characteristics, and efficient and accurate detection for RAT is realized.

Description

technical field [0001] The application belongs to the technical field of information security, and specifically relates to an intelligent analysis method for remote access Trojans based on meta-learning. Background technique [0002] At present, the network security situation has entered a new era. Facing various new battlefields and markets, new architectures and new methods are needed to support and cope with more and more difficult tasks. To vigorously develop information system security testing and verification technologies, In particular, it is imminent to develop intelligent detection and analysis technology for advanced network attacks, realize the security and controllability of information systems, and seek a leading position in cyberspace confrontation. [0003] Current malicious file and malicious program detection methods cannot adapt to the complex and changeable characteristics of advanced network attacks. Mainly manifested in: On the one hand, the samples of ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/561
Inventor 朱添田李曜晟
Owner ZHEJIANG UNIV OF TECH