Malicious traffic detection method based on computer memory evidence obtaining technology

A malicious traffic detection technology, applied in digital transmission systems, secure communication devices, electrical components, etc., that addresses the problem that a host connected to a network is never absolutely safe and may be attacked over the network.

Pending Publication Date: 2022-07-29
HARBIN UNIV OF SCI & TECH

Problems solved by technology

[0002] At present, any host connected to the Internet is not absolutely safe and may be attacked over the Internet.


Embodiment Construction

[0037] In order to describe the technical solutions of the embodiments of the present invention clearly and completely, the present invention is further described in detail below with reference to the accompanying drawings of the embodiments.

[0038] Step 1: acquire the memory dump file as follows.

[0039] A Windows 7 64-bit host is taken as an example.

[0040] The flowchart for acquiring the memory dump file in the embodiment of the present invention is shown in Figure 1 and comprises the following steps.

[0041] Step 1-1: determine that the victim host is not a virtual machine;

[0042] Step 1-2: determine that the victim host is running;

[0043] Step 1-3: determine that you have operating authority over the victim host, then use software to obtain the memory dump file of the target operating system.

[0044] Step 2: extract the traffic from the memory image using the Volatility forensics framework.

[0045] Step 2-1 Find the kernel debu...
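The packet-extraction step above is illustrated below with an added Python example that is not part of the patent and does not use Volatility itself: it carves IPv4 headers out of a raw memory image by validating the version/IHL byte, the total length, the protocol number and the RFC 791 header checksum, then tallies packets per destination as a simple feature for the later anomaly stage. `SAMPLE_DUMP` and `build_ipv4_header` are constructed test data and a hypothetical helper, not data from the patent.

```python
import socket
import struct
from collections import Counter

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for a header that validates."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def carve_ipv4(dump: bytes) -> list:
    """Scan a raw memory image for 20-byte IPv4 headers (IHL=5, no options) that are plausible."""
    packets, i = [], 0
    while i <= len(dump) - 20:
        if dump[i] == 0x45:  # version 4, IHL 5
            hdr = dump[i:i + 20]
            total_len = struct.unpack("!H", hdr[2:4])[0]
            proto = hdr[9]
            # Cheap plausibility checks before the checksum: length >= header, ICMP/TCP/UDP only
            if total_len >= 20 and proto in (1, 6, 17) and ipv4_checksum(hdr) == 0:
                packets.append({
                    "offset": i, "proto": proto, "len": total_len,
                    "src": ".".join(map(str, hdr[12:16])),
                    "dst": ".".join(map(str, hdr[16:20])),
                })
                i += 20  # skip the validated header, keep scanning through its payload
                continue
        i += 1
    return packets

def destination_counts(packets: list) -> Counter:
    """Per-(destination, protocol) packet counts, a simple feature for the anomaly stage."""
    return Counter((p["dst"], p["proto"]) for p in packets)

def build_ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    """Constructed test helper (hypothetical): a valid 20-byte IPv4 header with checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

# Constructed memory fragment: filler bytes around two real-looking headers and one
# decoy that starts with 0x45 but fails the checksum (filler never contains 0x45).
SAMPLE_DUMP = (
    b"\x00" * 37
    + build_ipv4_header("10.0.0.5", "192.0.2.10", 6, 1500) + b"\xaa" * 40
    + b"\x45" + b"\x11" * 19
    + b"\xde\xad\xbe\xef" * 8
    + build_ipv4_header("10.0.0.5", "198.51.100.7", 17, 80) + b"\xbb" * 20
)
```

Headers with IP options (IHL > 5) and fragments of partially overwritten packets are deliberately not carved, so a real dump will yield a lower bound on the traffic that was resident in memory.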


Abstract

The invention relates to a malicious traffic detection method based on computer memory forensics technology. The method first creates a dump file of the computer's physical memory; it then uses the Volatility forensics framework to obtain the operating system version and configuration file information; with the support of that information it extracts the traffic data packets held in physical memory, analyzes the traffic data with a regression model, and detects abnormal patterns associated with suspicious activity. Finally, a decision maker determines whether each abnormal pattern is triggered, judges whether the traffic is malicious, and assists forensic analysts in detecting and extracting the malicious traffic remaining in the compromised host.

Description

Technical field

[0001] The invention relates to a malicious traffic detection method based on computer memory forensics technology. The method has good application in the field of computer memory forensics and is mainly used for detecting whether malicious traffic exists in computer memory.

Background technique

[0002] Currently, any host connected to the Internet is not completely secure and is at risk of cyber-attacks. The type and sophistication of attacks have increased with the development of attack techniques, and one of the motivations is that cybercriminals are able to profit from cybercriminal activities.

[0003] Detection of attack-related anomalies is essential for both cybersecurity and forensic analysis. Timely detection can prevent damage from attacks; forensic analysis of anomalies not only aids in the investigation of cybercrime, but also provides insight into the attack flow. A large amount of traffic data is cached in the memory, and the memory forensi...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40
CPC: H04L63/1416; H04L63/1425
Inventor: 翟继强, 狄俊甬, 孙楷轩
Owner: HARBIN UNIV OF SCI & TECH