CN103491107B - Method for rapid extraction of Trojan communication features based on network data flow cluster clustering - Google Patents
Method for rapid extraction of Trojan communication features based on network data flow cluster clustering
- Publication number
- CN103491107B (application CN201310478492.0A)
- Authority
- CN
- China
- Prior art keywords
- cluster
- packet
- Trojan
- data stream
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310478492.0A CN103491107B (zh) | 2013-10-14 | 2013-10-14 | Method for rapid extraction of Trojan communication features based on network data flow cluster clustering |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310478492.0A CN103491107B (zh) | 2013-10-14 | 2013-10-14 | Method for rapid extraction of Trojan communication features based on network data flow cluster clustering |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103491107A CN103491107A (zh) | 2014-01-01 |
CN103491107B true CN103491107B (zh) | 2017-01-04 |
Family
ID=49831066
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310478492.0A Active CN103491107B (zh) | Method for rapid extraction of Trojan communication features based on network data flow cluster clustering | 2013-10-14 | 2013-10-14 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103491107B (zh) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104468507B (zh) * | 2014-10-28 | 2018-01-30 | 刘胜利 | Trojan detection method based on traffic analysis without a control end |
CN104283897B (zh) * | 2014-10-29 | 2017-12-08 | 刘胜利 | Method for rapid extraction of Trojan communication features based on multi-data-flow clustering analysis |
CN105262729B (zh) * | 2015-09-11 | 2018-07-31 | 携程计算机技术(上海)有限公司 | Trojan detection method and system |
CN106571973A (zh) * | 2016-09-28 | 2017-04-19 | 杭州鸿雁智能科技有限公司 | Heartbeat packet timeout management method and system |
CN112215287B (zh) * | 2020-10-13 | 2024-04-12 | 中国光大银行股份有限公司 | Distance-based multi-segment clustering method and apparatus, storage medium and electronic apparatus |
CN115134096A (zh) * | 2021-03-11 | 2022-09-30 | 深信服科技股份有限公司 | RAT connection detection method, traffic auditing device and medium |
CN115776449B (zh) * | 2022-11-08 | 2023-10-03 | 中车工业研究院有限公司 | Train Ethernet communication state monitoring method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102201937A (zh) * | 2011-06-13 | 2011-09-28 | 刘胜利 | Rapid Trojan detection method based on heartbeat behavior analysis |
CN102202064A (zh) * | 2011-06-13 | 2011-09-28 | 刘胜利 | Method for extracting Trojan communication behavior features based on network data flow analysis |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102523223B (zh) * | 2011-12-20 | 2014-08-27 | 北京神州绿盟信息安全科技股份有限公司 | Trojan detection method and apparatus |
Timeline
- 2013-10-14: CN CN201310478492.0A, patent CN103491107B (zh), status active
Non-Patent Citations (1)
Title |
---|
"Design and Implementation of a Trojan Network Communication Feature Extraction Model"; 邢云冬, 刘胜利; 《计算机工程与设计》 (Computer Engineering and Design); 2010-10-28; Vol. 31, No. 20; full text * |
Also Published As
Publication number | Publication date |
---|---|
CN103491107A (zh) | 2014-01-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103491107B (zh) | | Method for rapid extraction of Trojan communication features based on network data flow cluster clustering |
CN104283897B (zh) | | Method for rapid extraction of Trojan communication features based on multi-data-flow clustering analysis |
CN102202064B (zh) | | Method for extracting Trojan communication behavior features based on network data flow analysis |
CN102201937B (zh) | | Rapid Trojan detection method based on heartbeat behavior analysis |
US10652265B2 (en) | | Method and apparatus for network forensics compression and storage |
CN102035698B (zh) | | HTTP tunnel detection method based on a decision tree classification algorithm |
US9781427B2 (en) | | Methods and systems for estimating entropy |
CN107733851A (zh) | | DNS tunnel Trojan detection method based on communication behavior analysis |
Liu et al. | | Low-rate DDoS attacks detection method using data compression and behavior divergence measurement |
CN108304877A (zh) | | Physical layer channel authentication method based on machine learning |
CN105530265B (zh) | | Mobile Internet malicious application detection method based on frequent itemset description |
CN104579974A (zh) | | Hash Bloom filter for name lookup in NDN and data forwarding method |
CN106330611A (zh) | | Anonymous protocol classification method based on statistical feature classification |
CN102571487A (zh) | | Distributed multi-data-source botnet scale measurement and tracking method |
Brissaud et al. | | Passive monitoring of https service use |
Ruffing et al. | | Smartphone reconnaissance: Operating system identification |
Liang et al. | | FECC: DNS tunnel detection model based on CNN and clustering |
Fan et al. | | AutoIoT: Automatically updated IoT device identification with semi-supervised learning |
CN109858510A (zh) | | Detection method for covert communication via HTTP ETag values |
Park et al. | | Performance improvement of payload signature-based traffic classification system using application traffic temporal locality |
Yang et al. | | A classification method for network applications using BP neural network |
Hernández-Campos et al. | | Understanding patterns of TCP connection usage with statistical clustering |
CN103067467A (zh) | | Caching method and apparatus |
CN110912906B (zh) | | Edge computing malicious node identification method |
CN101883030B (zh) | | P2P node detection method based on an IP address randomness measure |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| TR01 | Transfer of patent right | Effective date of registration: 20181220. Address after: 610000 Chengdu High-tech Zone, Sichuan Province, 2 buildings and 3 floors, No. 4, Xinhang Road. Patentee after: Sichuan Yuxin'an Electronic Technology Co., Ltd. Address before: 450002 Unit 302, Building No. 7, 19, Jinxue Street, Jinshui District, Zhengzhou City, Henan Province. Patentee before: Liu Shengli |
| TR01 | Transfer of patent right | Effective date of registration: 20200720. Address after: Room 302, unit 1, building 19, No.7, Jianxue street, Jinshui District, Zhengzhou City, Henan Province. Patentee after: Liu Shengli. Address before: 610000 Chengdu High-tech Zone, Sichuan Province, 2 buildings and 3 floors, No. 4, Xinhang Road. Patentee before: Sichuan Yuxin'an Electronic Technology Co.,Ltd. |
| TR01 | Transfer of patent right | Effective date of registration: 20210108. Address after: 450000 Science Avenue 62, Zhengzhou High-tech Zone, Henan Province. Patentee after: Information Engineering University of the Chinese People's Liberation Army Strategic Support Force. Address before: Unit 302, unit 1, building 19, No.7 Jianxue street, Jinshui District, Zhengzhou City, Henan Province, 450000. Patentee before: Liu Shengli |