CN104283897A - Method for rapid extraction of Trojan communication features based on multi-data-flow cluster analysis - Google Patents
Method for rapid extraction of Trojan communication features based on multi-data-flow cluster analysis (基于多数据流聚类分析的木马通信特征快速提取方法)
- Publication number
- CN104283897A (application number CN201410593969.4A)
- Authority
- CN
- China
- Prior art keywords
- data flow
- cluster
- data
- Trojan
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/35—Clustering; Classification
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410593969.4A CN104283897B (zh) | 2014-10-29 | 2014-10-29 | Method for rapid extraction of Trojan communication features based on multi-data-flow cluster analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410593969.4A CN104283897B (zh) | 2014-10-29 | 2014-10-29 | Method for rapid extraction of Trojan communication features based on multi-data-flow cluster analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104283897A true CN104283897A (zh) | 2015-01-14 |
CN104283897B CN104283897B (zh) | 2017-12-08 |
Family
ID=52258379
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410593969.4A Active CN104283897B (zh) | Method for rapid extraction of Trojan communication features based on multi-data-flow cluster analysis | 2014-10-29 | 2014-10-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104283897B (zh) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105262729A (zh) * | 2015-09-11 | 2016-01-20 | 携程计算机技术(上海)有限公司 | Trojan detection method and system |
CN105656944A (zh) * | 2016-03-19 | 2016-06-08 | 浙江大学 | A Trojan detection method based on network data flows |
CN105915516A (zh) * | 2016-04-15 | 2016-08-31 | 杭州华三通信技术有限公司 | Data flow acquisition method and apparatus based on security detection |
CN107124410A (zh) * | 2017-04-25 | 2017-09-01 | 厦门卓讯信息技术有限公司 | Network security situation feature clustering method based on machine deep learning |
WO2017206499A1 (zh) * | 2016-05-31 | 2017-12-07 | 华为技术有限公司 | Network attack detection method and attack detection apparatus |
CN107454052A (zh) * | 2016-05-31 | 2017-12-08 | 华为技术有限公司 | Network attack detection method and attack detection apparatus |
CN107592312A (zh) * | 2017-09-18 | 2018-01-16 | 济南互信软件有限公司 | A malware detection method based on network traffic |
CN108446366A (zh) * | 2018-03-14 | 2018-08-24 | 北京思特奇信息技术股份有限公司 | A method and apparatus for classified storage and rapid matching of data |
CN108900538A (zh) * | 2018-08-09 | 2018-11-27 | 深圳市永达电子信息股份有限公司 | An industrial control signal detection method and apparatus |
CN109861952A (zh) * | 2017-11-30 | 2019-06-07 | 北京京穗蓝盾信息安全技术有限公司 | A statistics-based network Trojan behavior identification system |
CN109886119A (zh) * | 2019-01-22 | 2019-06-14 | 深圳市永达电子信息股份有限公司 | A control function classification method and system based on industrial control signals |
CN115776449A (zh) * | 2022-11-08 | 2023-03-10 | 中车工业研究院有限公司 | Train Ethernet communication state monitoring method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102202064A (zh) * | 2011-06-13 | 2011-09-28 | 刘胜利 | Trojan communication behavior feature extraction method based on network data flow analysis |
CN103491107A (zh) * | 2013-10-14 | 2014-01-01 | 刘胜利 | Method for rapid extraction of Trojan communication features based on clustering of network data flow clusters |
CN103532949A (zh) * | 2013-10-14 | 2014-01-22 | 刘胜利 | Adaptive Trojan communication behavior detection method based on dynamic feedback |
Events
- 2014-10-29: CN CN201410593969.4A patent/CN104283897B/zh active (Active)
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102202064A (zh) * | 2011-06-13 | 2011-09-28 | 刘胜利 | Trojan communication behavior feature extraction method based on network data flow analysis |
CN103491107A (zh) * | 2013-10-14 | 2014-01-01 | 刘胜利 | Method for rapid extraction of Trojan communication features based on clustering of network data flow clusters |
CN103532949A (zh) * | 2013-10-14 | 2014-01-22 | 刘胜利 | Adaptive Trojan communication behavior detection method based on dynamic feedback |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105262729B (zh) * | 2015-09-11 | 2018-07-31 | 携程计算机技术(上海)有限公司 | Trojan detection method and system |
CN105262729A (zh) * | 2015-09-11 | 2016-01-20 | 携程计算机技术(上海)有限公司 | Trojan detection method and system |
CN105656944A (zh) * | 2016-03-19 | 2016-06-08 | 浙江大学 | A Trojan detection method based on network data flows |
CN105915516A (zh) * | 2016-04-15 | 2016-08-31 | 杭州华三通信技术有限公司 | Data flow acquisition method and apparatus based on security detection |
CN105915516B (zh) * | 2016-04-15 | 2020-01-03 | 新华三技术有限公司 | Data flow acquisition method and apparatus based on security detection |
WO2017206499A1 (zh) * | 2016-05-31 | 2017-12-07 | 华为技术有限公司 | Network attack detection method and attack detection apparatus |
CN107454052A (zh) * | 2016-05-31 | 2017-12-08 | 华为技术有限公司 | Network attack detection method and attack detection apparatus |
CN107124410A (zh) * | 2017-04-25 | 2017-09-01 | 厦门卓讯信息技术有限公司 | Network security situation feature clustering method based on machine deep learning |
CN107592312B (zh) * | 2017-09-18 | 2021-04-30 | 济南互信软件有限公司 | A malware detection method based on network traffic |
CN107592312A (zh) * | 2017-09-18 | 2018-01-16 | 济南互信软件有限公司 | A malware detection method based on network traffic |
CN109861952A (zh) * | 2017-11-30 | 2019-06-07 | 北京京穗蓝盾信息安全技术有限公司 | A statistics-based network Trojan behavior identification system |
CN109861952B (zh) * | 2017-11-30 | 2021-11-12 | 北京京穗蓝盾信息安全技术有限公司 | A statistics-based network Trojan behavior identification system |
CN108446366A (zh) * | 2018-03-14 | 2018-08-24 | 北京思特奇信息技术股份有限公司 | A method and apparatus for classified storage and rapid matching of data |
CN108900538A (zh) * | 2018-08-09 | 2018-11-27 | 深圳市永达电子信息股份有限公司 | An industrial control signal detection method and apparatus |
CN108900538B (zh) * | 2018-08-09 | 2021-03-23 | 深圳市永达电子信息股份有限公司 | An industrial control signal detection method and apparatus |
CN109886119B (zh) * | 2019-01-22 | 2021-07-09 | 深圳市永达电子信息股份有限公司 | A control function classification method and system based on industrial control signals |
CN109886119A (zh) * | 2019-01-22 | 2019-06-14 | 深圳市永达电子信息股份有限公司 | A control function classification method and system based on industrial control signals |
CN115776449A (zh) * | 2022-11-08 | 2023-03-10 | 中车工业研究院有限公司 | Train Ethernet communication state monitoring method and system |
CN115776449B (zh) * | 2022-11-08 | 2023-10-03 | 中车工业研究院有限公司 | Train Ethernet communication state monitoring method and system |
Also Published As
Publication number | Publication date |
---|---|
CN104283897B (zh) | 2017-12-08 |
Similar Documents
Publication | Title |
---|---|
CN104283897B (zh) | Method for rapid extraction of Trojan communication features based on multi-data-flow cluster analysis |
CN102202064B (zh) | Trojan communication behavior feature extraction method based on network data flow analysis |
CN102201937B (zh) | Rapid Trojan detection method based on heartbeat behavior analysis |
CN102035698B (zh) | HTTP tunnel detection method based on a decision tree classification algorithm |
CN102307123B (zh) | NAT traffic identification method based on transport-layer traffic features |
CN103491107B (zh) | Method for rapid extraction of Trojan communication features based on clustering of network data flow clusters |
CN107370752B (zh) | An efficient remote-control Trojan detection method |
CN105871832A (zh) | A method and apparatus for identifying encrypted network application traffic based on protocol attributes |
CA2613793A1 (en) | Method and apparatus for whole-network anomaly diagnosis and methods to detect and classify network anomalies using traffic feature distributions |
Brahmi et al. | Towards a multiagent-based distributed intrusion detection system using data mining approaches |
CN104348741A (zh) | P2P traffic detection method and system based on multi-scale analysis and decision trees |
Amoli et al. | A real time unsupervised NIDS for detecting unknown and encrypted network attacks in high speed network |
CN104468507A (zh) | Trojan detection method based on traffic analysis without a control end |
CN106330611A (zh) | An anonymous protocol classification method based on statistical feature classification |
CN107528852B (zh) | A network-security-oriented big data implementation system and method |
CN110266603A (zh) | Identity authentication service network traffic analysis system and method based on the HTTP protocol |
KR101073402B1 (ko) | Network traffic simulation and similarity verification method and network traffic analysis system |
Oudah et al. | A novel features set for internet traffic classification using burstiness |
Qin et al. | MUCM: multilevel user cluster mining based on behavior profiles for network monitoring |
Zhang et al. | Design of a novel network intrusion detection system for drone communications |
CN115514720B (zh) | A user activity classification method for programmable data planes and its application |
Luo et al. | Behavior-based method for real-time identification of encrypted proxy traffic |
CN109257384A (zh) | Application-layer DDoS attack identification method based on access rhythm matrices |
CN113298125B (zh) | IoT device traffic anomaly detection method, apparatus and storage medium based on feature selection |
Hejun et al. | Online and automatic identification and mining of encryption network behavior in big data environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| CB03 | Change of inventor or designer information | Inventors after: Liu Shengli, Liu Long, Lin Wei, Xiao Da, Fei Jinlong, Wang Tianpeng, Lan Jinghong, Wu Yang. Inventors before: Liu Shengli, Wang Wenbing, Wu Dongying |
| COR | Change of bibliographic data | |
| GR01 | Patent grant | |
| TR01 | Transfer of patent right | Effective date of registration: 20181220. Address after: 610000 Chengdu High-tech Zone, Sichuan Province, 2 buildings and 3 floors, No. 4, Xinhang Road. Patentee after: Sichuan Yuxin'an Electronic Technology Co., Ltd. Address before: 450002 Unit 302, Building No. 7, 19, Jinxue Street, Jinshui District, Zhengzhou City, Henan Province. Patentee before: Liu Shengli |
| TR01 | Transfer of patent right | Effective date of registration: 20200716. Address after: Room 302, unit 1, building 19, No.7, Jianxue street, Jinshui District, Zhengzhou City, Henan Province. Patentee after: Liu Shengli. Address before: 610000 Chengdu High-tech Zone, Sichuan Province, 2 buildings and 3 floors, No. 4, Xinhang Road. Patentee before: Sichuan Yuxin'an Electronic Technology Co.,Ltd. |
| TR01 | Transfer of patent right | Effective date of registration: 20210108. Address after: 450000 Science Avenue 62, Zhengzhou High-tech Zone, Henan Province. Patentee after: Information Engineering University of the Chinese People's Liberation Army Strategic Support Force. Address before: Unit 302, unit 1, building 19, No.7 Jianxue street, Jinshui District, Zhengzhou City, Henan Province, 450000. Patentee before: Liu Shengli |