
Detection method and system of rebound type Trojan

A detection system and Trojan horse technology, applied in the field of malicious code discovery. It addresses the problems that known malicious code is not found well and that malicious code goes undetected, with the effect that the connection can be cut off in time to keep the host safe.

Active Publication Date: 2012-10-31
BEIJING ANTIY NETWORK SAFETY TECH CO LTD
3 Cites, 29 Cited by

AI Technical Summary

Problems solved by technology

[0007] The present invention overcomes the problem that antivirus software cannot readily discover known malicious code variants and n



Examples


Embodiment Construction

[0072] To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention clearer, the technical solutions of the present invention are described in further detail below with reference to the accompanying drawings.

[0073] The present invention proposes a malicious code discovery solution based on the online mode of rebound Trojans and the operating environment of the host; that is, control-type Trojans are discovered by analyzing the network behavior and process status of the host.

[0074] The malicious code discovery method of the present invention, based on the rebound Trojan online mode and the host operating environment, specifically includes a step of monitoring the system network in real time, a step of obtaining the association between current network connections and processes in real time, network packet ...


Abstract

The invention discloses a detection method for rebound-type Trojans, which comprises the steps of: monitoring the network packets of the current system in real time; obtaining, in real time, an association list of the network connections and processes of the current system; analyzing and matching the network packets and obtaining a suspicious connection list from the analysis result, wherein the network packet types analyzed and matched comprise DNS (domain name service) requests, FTP (file transfer protocol) connections and IP (internet protocol) connections; analyzing the processes to obtain a suspicious process list; and carrying out correlation analysis on the suspicious connection list and the suspicious process list and handling the result. The invention also discloses a detection system for rebound-type Trojans. According to the invention, known and unknown control-type Trojans are first found by correlating system process state with network feature matching, and the connection to the control end can then be cut off and the malicious code removed immediately, so that the host is kept safe.
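The correlation step described in the abstract, as an added example that is not taken from the patent: packets are matched into a suspicious connection list, processes into a suspicious process list, and only connections owned by a suspicious process are reported. The matching rules (dynamic-DNS suffix, remote-address allowlist, unsigned image in a Temp directory) and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    kind: str        # "DNS", "FTP" or "IP", the three types the abstract names
    local_port: int  # joins the packet to the connection/process association list
    remote: str      # queried name or remote address

@dataclass(frozen=True)
class Proc:
    image: str
    signed: bool

# Constructed sample data: documentation address ranges, made-up names and PIDs.
DDNS_SUFFIXES = (".ddns.example",)   # assumed dynamic-DNS suffix list
KNOWN_GOOD = {"192.0.2.10"}          # assumed allowlist of remote addresses
PORT_TO_PID = {49152: 1200, 49153: 3344, 49154: 3344, 49155: 880}
PROCS = {
    1200: Proc(r"C:\Program Files\Browser\browser.exe", True),
    3344: Proc(r"C:\Users\u\AppData\Local\Temp\svch0st.exe", False),
    880: Proc(r"C:\Tools\ftpclient.exe", True),
}
PACKETS = [
    Packet("DNS", 49153, "home1.ddns.example"),
    Packet("IP", 49154, "203.0.113.77"),
    Packet("FTP", 49155, "198.51.100.5"),
    Packet("IP", 49152, "192.0.2.10"),
]

def suspicious_connections(packets):
    """Assumed rules: DNS query to a dynamic-DNS name; FTP/IP to an unlisted host."""
    return [p for p in packets
            if (p.kind == "DNS" and p.remote.endswith(DDNS_SUFFIXES))
            or (p.kind in ("FTP", "IP") and p.remote not in KNOWN_GOOD)]

def suspicious_processes(procs):
    """Assumed rule: unsigned image running from a Temp directory."""
    return {pid for pid, pr in procs.items()
            if not pr.signed and "\\temp\\" in pr.image.lower()}

def correlate(packets, port_to_pid, procs):
    """Keep only suspicious connections owned by a suspicious process."""
    bad_pids = suspicious_processes(procs)
    return [(port_to_pid[p.local_port], p.kind, p.remote)
            for p in suspicious_connections(packets)
            if port_to_pid.get(p.local_port) in bad_pids]

if __name__ == "__main__":
    print(correlate(PACKETS, PORT_TO_PID, PROCS))
```

The FTP connection from the signed client matches a network rule but is dropped at correlation, which is the false-positive reduction the two-list design provides.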

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a method for discovering malicious code based on the rebound Trojan online mode and the host operating environment.

Background technique

[0002] Today, with the Internet highly open, malicious code is growing rapidly and malicious code of all kinds floods the Internet. This malicious code poses different threats to Internet users, and the most threatening kind is the control-type Trojan horse, which can completely control the user's computer; such Trojans figure in large network intrusion incidents and information theft incidents. Because of firewall restrictions, current control-type Trojans are mainly rebound Trojans.

[0003] At present, the detection of such Trojan horses mainly relies on anti-virus software scanning and cleaning hosts, and on bypass network detection.

[0004] Anti-virus software mainly detects malicious codes based on their fil...


Application Information

IPC(8): H04L12/26, H04L29/06, G06F21/00
Inventor: 刘佳男, 李伟, 李柏松
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD