
Trojan horse monitoring and auditing method and system thereof

Trojan horse behavior technology, applied in the field of Trojan horse monitoring and auditing methods and systems, can solve problems concerning the processing and analysis of network communication content, frequent updates of the feature library, response lag, etc.

Inactive Publication Date: 2011-05-04
国都兴业信息审计系统技术(北京)有限公司
2 Cites, 25 Cited by

AI Technical Summary

Problems solved by technology

With the popularity of packing and "flowering" (junk-code obfuscation) techniques and the growing amount of related software, a large number of variant Trojans are flooding the Internet, which not only increases the workload of Trojan horse analysis but also causes frequent updates of signature databases.
[0009] 2) Identification and detection based on static features not only enlarges the feature database, which degrades detection performance, but also affects the performance of the target host system, taking up more and more CPU, memory, and disk resources. In addition, because analyzing new features takes a certain amount of time, the response lags. This technical approach cannot determine whether the Trojan horse program has already been run, what type of operation it has performed, etc.
[0011] 4) With the popularization of firewall-penetration ("wall-climbing") and port bounce technology in Trojan horses, blocking Trojan horse communication connections based on abnormal network communication behavior is becoming less and less effective. Many Trojan horse programs use standard network communication ports, such as port 80, together with reverse connection technology: the Trojan horse's agent program on the controlled side actively uses port 80 to establish a connection with the control program. connect and release
This technology does not detect and control specific Trojan horses, does not process and analyze network communication content, cannot determine whether it is a real Trojan horse that is communicating, and cannot know the content of the Trojan horse communication or the content of the transmitted files.
[0012] 5) When Trojan horses are identified based on network communication behavior characteristics, only the Trojan horse type is identified. The network behavior and content of the key network activities in the Trojan horse communication, such as obtaining system information, modifying system configuration, deleting files, downloading files, and uploading files, are not further analyzed.



Examples


Embodiment Construction

[0048] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0049] First, the concept and working principle of the Trojan horse are introduced:

[0050] A Trojan horse is a program that establishes a connection between remote computers so that the remote computer can control the local computer through the network. Its operation complies with the TCP/IP protocol. This back door closely resembles the "Trojan horse" tactic in war, hence the name Trojan horse program.

[0051] The Trojan horse program is composed of two parts: an agent program installed and embedded in the system of the controlled host, and a control terminal program. After the Trojan agent runs, it needs to establish a network connection (forward connection or reverse connection) with the control term...


Abstract

The invention discloses a Trojan horse monitoring and auditing method and a system thereof. The method comprises the following steps: acquiring network data packets in real time; determining the current session by checking whether the network data packet belongs to an established network session and, if so, inserting the packet into that session, otherwise establishing a new session; judging whether the current session is a Trojan horse communication session and, if so, recording the content of the Trojan horse network communication session; and, according to the recorded content of the Trojan horse network communication session, detecting whether the content is Trojan horse network operation behavior and, if so, recording and monitoring that behavior. According to the invention, not only can the type of the Trojan horse be recognized, but its network behavior can also be monitored.
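The steps in the abstract can be sketched as a small session-tracking auditor. This is an added example, not code from the patent: the `DEMO-RAT/1.0` handshake marker, the command keywords, the `Auditor` class and the sample packets are all constructed assumptions, and packets are given as already-parsed records rather than captured from a live interface.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport payload")

# Hypothetical signatures (assumptions, not from the patent): a handshake marker
# for a made-up Trojan family, and command keywords mapped to the operation
# categories listed on the page.
HANDSHAKE = {b"DEMO-RAT/1.0": "demo-rat"}
OPERATIONS = {b"SYSINFO": "obtain system information", b"DEL": "delete file",
              b"SETCFG": "modify system configuration",
              b"GET": "download file", b"PUT": "upload file"}

def session_key(p):
    """Direction-independent key so both sides of a flow share one session."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

class Auditor:
    def __init__(self):
        self.sessions = {}   # key -> {"family": str or None, "content": [bytes]}
        self.audit_log = []  # (family, operation, argument)

    def handle(self, p):
        # Insert into the established session, otherwise establish a new one.
        s = self.sessions.setdefault(session_key(p), {"family": None, "content": []})
        # Judge whether the session is Trojan communication (by content, not port).
        if s["family"] is None:
            s["family"] = next((fam for marker, fam in HANDSHAKE.items()
                                if p.payload.startswith(marker)), None)
        if s["family"] is None:
            return  # not identified as Trojan traffic: nothing is recorded
        # Record the session content, then detect operation behaviour in it.
        s["content"].append(p.payload)
        verb, _, arg = p.payload.partition(b" ")
        if verb in OPERATIONS:
            self.audit_log.append((s["family"], OPERATIONS[verb],
                                   arg.decode(errors="replace")))

def run(packets):
    auditor = Auditor()
    for p in packets:
        auditor.handle(p)
    return auditor

# Constructed sample: a reverse connection over port 80, plus benign HTTP.
SAMPLE = [
    Packet("10.0.0.5", 49152, "203.0.113.9", 80, b"DEMO-RAT/1.0 ready"),
    Packet("203.0.113.9", 80, "10.0.0.5", 49152, b"SYSINFO"),
    Packet("10.0.0.5", 49152, "203.0.113.9", 80, b"os=demo host=ws01"),
    Packet("203.0.113.9", 80, "10.0.0.5", 49152, b"GET C:\\docs\\plan.txt"),
    Packet("10.0.0.7", 49200, "198.51.100.2", 80, b"GET /index.html HTTP/1.1"),
]
```

The benign HTTP request also uses port 80 and the keyword `GET`, but it is never audited because its session was not identified as Trojan communication first.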

Description

Technical field

[0001] The invention relates to network security in the field of information technology, in particular to a Trojan horse monitoring and auditing method and system.

Background technique

[0002] Trojan horse programs are more harmful than traditional viruses. They can not only damage and paralyze the host system, but also completely control the target host, download files from the target host to the Trojan horse control terminal, and upload new Trojan horse programs or other virus programs. At present, the detection of and protection against Trojans are mainly based on products such as virus scanning, desktop active defense, security virus gateways, firewalls, etc. The technologies used in these products mainly fall into three categories:

[0003] The first category is to identify Trojan horses based on the static features of Trojan horse programs. Through the static analysis of the Trojan horse program, the feature string that can be used to identify...


Application Information

IPC(8): H04L12/26, H04L12/24, H04L29/06
Inventor 徐亚非张佃常乐
Owner 国都兴业信息审计系统技术(北京)有限公司