Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Attack chain behavior analysis based Trojan horse detection method and system

A behavior analysis and Trojan horse technology, applied in the field of network security, can solve the problems of multiple false positives, existence, various types of application services, etc., and achieve the effect of low false negative rate and high accuracy rate

Active Publication Date: 2018-08-10
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF7 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

There is a patent 2: Trojan horse communication behavior feature extraction method based on network data flow analysis (application number: CN201110158055.1), this patent is based on the ratio of the communication time, the number of small communication packets, the amount of uploaded data packets to the amount of downloaded data packets at the controlled end Threshold division of such indicators to detect and judge whether it is the behavior characteristics of the Trojan horse operation stage. The disadvantages are: in the actual Internet application process, there are various types of application services, the duration of data transmission through the application server, the characteristics of data packets, and the operating behavior characteristics of Trojan horses. There is a certain similarity, and there will be more false positives when using this method for detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Attack chain behavior analysis based Trojan horse detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] First of all, it should be explained that the present invention is an application of computer technology in the field of information security technology. During the implementation of the present invention, the application of multiple software function modules will be involved. The applicant believes that after carefully reading the application documents and accurately understanding the realization principle and purpose of the present invention, and in combination with existing known technologies, those skilled in the art can fully implement the present invention by using their software programming skills. All the software functional modules mentioned in the application documents of the present invention belong to this category, and the applicant will not list them one by one.

[0040] Below in conjunction with accompanying drawing and specific embodiment the present invention is described in further detail:

[0041] Such as figure 1 The Trojan horse detection system b...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to network safety and aims at providing an attack chain behavior analysis based Trojan horse detection method and system. The attack chain behavior analysis based Trojan horse detection system comprises a DNS domain name anomaly detection module, a Trojan horse incubation behavior anomaly detection module and a Trojan horse communication behavior anomaly detection module andcan perform anomaly detection on three behavior processes, including, a Trojan horse connection process, a Trojan horse incubation process and a Trojan horse communication process, in a Trojan horse permeation attacking process; when the anomaly detection condition of the Trojan horse connection process, the Trojan horse incubation process and the Trojan horse communication process is met, a factthat a Trojan horse is detected is confirmed and the Trojan horse detection is realized. By performing sequential associated analysis on the three Trojan horse behavior processes, including, the Trojan horse connection process, the Trojan horse incubation process and the Trojan horse communication process, the comprehensive and efficient Trojan horse detection method and system are provided respectively based on the behavior features of the three Trojan horse processes, the accuracy of Trojan horse detection is enabled to be higher, and the missing report rate is enabled to be lower.

Description

technical field [0001] The invention relates to the field of network security, in particular to a Trojan horse detection method and system based on attack chain behavior analysis. Background technique [0002] In the field of network security, the threat index of Trojan horse attacks ranks second only to software vulnerabilities. The harm of network attacks mainly based on Trojan horses is becoming more and more serious, and the resulting economic losses are also increasing. Trojan horse attack detection technology has always been a research hotspot in the field of network security, because its attack method is carefully constructed, and the attack behavior is highly personalized. It is difficult to find the attack behavior of Trojan horse through traditional intrusion detection technology. [0003] The existing Trojan horse detection technology mainly adopts the following two methods: [0004] 1. Based on the static signature of the Trojan horse code: By scanning all files...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425H04L63/145H04L61/4511
Inventor 王萌范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products