Trojan horse detection method based on Trojan horse virus type classification modeling

A Trojan horse detection method, applied in electrical components, transmission systems, etc., that can solve problems such as the failure of Trojan horse detection technology.

Inactive Publication Date: 2013-05-08
SICHUAN CINGHOO TECH

AI Technical Summary

Problems solved by technology

The rapid development of Trojan horse writing technology has brought new challenges to security software. The application of code deformation and packing technology has made various Trojan horse variant programs rampant on the network, making traditional Trojan horse detection technology useless.



Embodiment example

[0025] Implementation case: Trojan horse inspection

[0026] Trojan A is a Trojan with a good antivirus-evasion ("anti-kill") effect. It uses driver-encrypted communication to make a rebound (reverse) connection to an external host through transit server B. When a machine is infected with such a Trojan horse, the Trojan horse can therefore escape detection by mainstream antivirus software and by signature-based Trojan horse inspection tools. Because the Trojan horse uses driver encryption during communication, neither local packet capture nor a network IDS (Intrusion Detection System) can parse out which data packets are sent and received by the Trojan horse; that is, it is impossible to determine which machines the Trojan horse interacts with.

[0027] The working flow chart of Trojan A is roughly as shown in Figure 2: In this pr...


Abstract

The invention discloses a Trojan horse detection method based on Trojan horse virus type classification modeling. The method comprises the following steps: (1) classifying discovered Trojan horses according to their characteristics; (2) forming a Trojan horse identification class library; (3) collecting characteristics of the operating system, identifying the Trojan horse through the Trojan horse identification class library from step (2), and locating the category and characteristics to which the Trojan horse belongs; (4) locating suspicious items; (5) according to the operating system characteristics collected in step (3), performing pattern matching in the class library through an algorithm to identify the Trojan horse in the system; (6) finding the same Trojan horse through pattern matching in the class library, and judging the Trojan horse to be detected. The method can rapidly identify and analyze Trojan horses present in the system, particularly unknown novel Trojan horses. Compared with traditional detection, the ability to detect Trojan horses, and particularly to recognize and detect unknown novel Trojan horses, is greatly improved.
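The steps in the abstract can be sketched as follows. This is an added example, not code from the patent: the text on this page does not specify the characteristics, the class library contents or the matching algorithm, so the trait names, the two classes and the 0.75 coverage threshold are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TrojanClass:
    name: str
    features: frozenset  # characteristics shared by known members of the class

# Steps (1)-(2): known Trojans grouped by characteristics into a class library.
# Class names and traits are hypothetical.
CLASS_LIBRARY = [
    TrojanClass("reverse-connect-via-relay", frozenset({
        "unsigned_kernel_driver", "outbound_long_lived_conn",
        "autostart_service", "hidden_process"})),
    TrojanClass("password-stealer", frozenset({
        "keyboard_hook", "reads_browser_credential_store",
        "autostart_run_key"})),
]

def collect_items(snapshot):
    """Step (3): reduce a system snapshot to per-item characteristic sets."""
    return {item["name"]: frozenset(item["traits"]) for item in snapshot}

def classify(traits, library=CLASS_LIBRARY, threshold=0.75):
    """Steps (5)-(6): best class whose features are covered >= threshold."""
    best = None
    for cls in library:
        score = len(traits & cls.features) / len(cls.features)
        if score >= threshold and (best is None or score > best[1]):
            best = (cls.name, score)
    return best

def scan(snapshot, library=CLASS_LIBRARY, threshold=0.75):
    """Steps (4)-(6): map each suspicious item to (class name, coverage)."""
    findings = {}
    for name, traits in collect_items(snapshot).items():
        match = classify(traits, library, threshold)
        if match:
            findings[name] = match
    return findings

# Constructed snapshot. No hashes or byte signatures are used, so a repacked
# variant with the same behaviour still lands in the same class.
SNAPSHOT = [
    {"name": "svcnet.sys", "traits": ["unsigned_kernel_driver",
                                      "outbound_long_lived_conn", "autostart_service"]},
    {"name": "notepad.exe", "traits": ["signed_binary"]},
    {"name": "updater.exe", "traits": ["autostart_run_key", "outbound_long_lived_conn"]},
]

if __name__ == "__main__":
    for item, (cls, score) in scan(SNAPSHOT).items():
        print(f"{item}: matches class {cls!r} (coverage {score:.2f})")
```

Lowering the threshold trades missed variants for false positives on benign items such as the constructed `updater.exe`, which shares only one trait with each class.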

Description

Technical field

[0001] The invention relates to a Trojan horse detection method, in particular to a Trojan horse detection method based on classification and modeling of Trojan horse virus types.

Background technique

[0002] At present, network security incidents such as webpage tampering, network hacking, denial of service attacks, system intrusion, worm virus propagation, and malware threats are common, among which the infection of computer virus Trojan horse programs is the most prominent. Because of characteristics such as strong concealment, and its use to steal passwords and control systems, the Trojan horse program has become a serious security threat. The rapid development of Trojan horse writing technology has brought new challenges to security software. The application of code deformation and packing technology has made various Trojan horse variant programs rampant on the network, making traditional Trojan horse detection technology useless.

Contents of the invention ...


Application Information

IPC(8): H04L29/06
Inventor: 陈虹宇; the other inventors have requested that their names not be disclosed
Owner: SICHUAN CINGHOO TECH