CN106302520A - Method and device for removing remote-control trojans - Google Patents


Publication number
CN106302520A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610825391.XA
Other languages
Chinese (zh)
Other versions
CN106302520B (en)
Inventor
周忠义
金红
杨满智
刘长永
阿曼太
王宇
糜波
崔渊博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/12: Applying verification of the received information


Abstract

The invention discloses a method and device for removing remote-control trojans, belonging to the field of network security. The method includes: obtaining at least one packet from network traffic; matching the at least one packet against a preset communication feature rule base to obtain hit packets; diverting the traffic that includes the hit packets to a remote-control trojan countermeasure device; the countermeasure device establishing a connection with the controlled end of the remote-control trojan through traffic reinjection and sending a self-destruct instruction; and the remote-control trojan performing self-destruction after receiving the self-destruct instruction. The disclosed technical solution uses network-side traffic reinjection to simulate the controller end of the remote-control trojan, establishes a connection with the controlled end, and sends a self-destruct instruction to the controlled end, thoroughly destroying the trojan program on the controlled end and improving network security.

Description

Method and device for removing remote-control trojans
Technical field
The present invention relates to the field of cyberspace security technology, and in particular to a method and device for removing remote-control trojans.
Background
In today's society, with the rapid development of science and technology, more and more devices are connected to the Internet and the services running on them are increasingly rich and varied. The huge Internet market brings huge business opportunities, but it also conceals great dangers, and trojans are one of them.
A computer trojan generally consists of two parts: a controller end and a controlled end. The controller end implants the trojan into the controlled end and sends control commands to it over the network; the controlled end receives and executes them, so that the controller end gains control of the controlled end. The user of the controlled end often cannot tell that the machine has been taken over, and the sensitive information they enter, their documents and so on can be stolen by the other party, causing great loss.
Existing techniques for removing remote-control trojans focus on network IP blocking or malicious-traffic scrubbing, which cut the connection between the controlled end and the controller end on the network side. But even when that connection is cut, the trojan program is still running on the controlled end. Such programs have opportunities to update themselves through other channels, for example by updating the go-online IP or the communication protocol, and then go online again, reconnect to the controller end and continue to control the controlled end.
Summary of the invention
To solve the above problem, the invention provides a method and device for removing remote-control trojans, in which a man-in-the-middle attack method simulates the controller end and sends a destruction instruction to the trojan on the controlled end, so that the trojan program is thoroughly removed.
The technical solution is as follows:
In a first aspect, a method for removing remote-control trojans is provided, characterized in that the method includes:
obtaining at least one packet from network traffic;
matching the at least one packet against a preset communication feature rule base to obtain hit packets;
diverting the traffic that includes the hit packets to a remote-control trojan countermeasure device;
the remote-control trojan countermeasure device establishing a connection with the controlled end of the remote-control trojan through traffic reinjection and sending a self-destruct instruction;
the remote-control trojan performing self-destruction after receiving the self-destruct instruction.
With reference to the first aspect, in a first possible embodiment, before matching the at least one packet against the preset communication feature rule base to obtain hit packets, the method further includes:
extracting at least one byte sequence from the payload as the primary feature;
extracting at least one attribute feature from the network message;
combining the primary feature and the attribute feature to form a communication feature that identifies the remote-control trojan.
With reference to the first aspect, in a second possible embodiment, matching the at least one packet against the preset communication feature rule base to obtain hit packets includes:
reassembling, decompressing and decrypting the packet, and matching it against the communication features in the preset communication feature rule base;
if the communication feature in the packet is identical to a communication feature in the preset communication feature rule base, determining that the packet is a hit packet.
With reference to the first aspect, in a third possible embodiment, diverting the traffic that includes the hit packets to the remote-control trojan countermeasure device includes:
obtaining information about the traffic according to a countermeasure strategy;
diverting the traffic to the remote-control trojan countermeasure device according to the information about the traffic; wherein the information about the traffic includes any one or a combination of the remote-control trojan family, the remote-control trojan version and the protocol port obtained according to the countermeasure strategy.
With reference to the first aspect, in a fourth possible embodiment, the remote-control trojan countermeasure device establishing a connection with the controlled end of the remote-control trojan through traffic reinjection and sending a self-destruct instruction includes:
the remote-control trojan countermeasure device simulating the controller end of the remote-control trojan;
after receiving the traffic that includes the hit packets, establishing a connection with the controlled end of the remote-control trojan;
sending the self-destruct instruction to the controlled end of the remote-control trojan; wherein the remote-control trojan countermeasure device includes any one or a combination of: the communication protocol of the controller end of at least one remote-control trojan, at least one authentication method by which a remote-control trojan verifies going online, and a payload containing the self-destruct instruction.
In a second aspect, a device for removing remote-control trojans is provided, characterized in that the device includes:
an acquisition module, for obtaining at least one packet from network traffic;
a matching module, for matching the at least one packet against a preset communication feature rule base to obtain hit packets;
a diversion module, for diverting the traffic that includes the hit packets to a remote-control trojan countermeasure device;
a man-in-the-middle module, for the remote-control trojan countermeasure device to establish a connection with the controlled end of the remote-control trojan through traffic reinjection and send a self-destruct instruction;
a destruction module, for performing self-destruction after the remote-control trojan receives the self-destruct instruction.
With reference to the second aspect, in a first possible embodiment, the device further includes a communication feature building module, for:
extracting at least one byte sequence from the payload as the primary feature;
extracting at least one attribute feature from the network message;
combining the primary feature and the attribute feature to form a communication feature that identifies the remote-control trojan.
With reference to the second aspect, in a second possible embodiment, the matching module is specifically configured to:
reassemble, decompress and decrypt the packet, and match it against the communication features in the preset communication feature rule base;
if the communication feature in the packet is identical to a communication feature in the preset communication feature rule base, determine that the packet is a hit packet.
With reference to the second aspect, in a third possible embodiment, the diversion module is specifically configured to:
obtain information about the traffic according to a countermeasure strategy;
divert the traffic to the remote-control trojan countermeasure device according to the information about the traffic; wherein the information about the traffic includes any one or a combination of the remote-control trojan family, the remote-control trojan version and the protocol port obtained according to the countermeasure strategy.
With reference to the second aspect, in a fourth possible embodiment, the diversion module is specifically configured to:
obtain information about the traffic according to a countermeasure strategy;
divert the traffic to the remote-control trojan countermeasure device according to the information about the traffic; wherein the information about the traffic includes any one or a combination of the remote-control trojan family, the remote-control trojan version and the protocol port obtained according to the countermeasure strategy.
The embodiments of the invention provide a method and device for removing remote-control trojans. By building a communication feature base for remote-control trojans, trojan packets can be identified in traffic with high accuracy and high efficiency. By diverting the hit traffic to the countermeasure device, the parameters of the network environment can be changed through the settings of the countermeasure device, so that the controller end is simulated realistically. By using traffic reinjection, the simulated controller end establishes a connection with the controlled end and sends a destruction instruction to the trojan on the controlled end, which can thoroughly destroy the trojan program and improve network security.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of the method for removing remote-control trojans provided by one embodiment of the invention;
Fig. 2 is a schematic structural diagram of the device for removing remote-control trojans provided by another preferred embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention rather than all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, a preferred embodiment provides a method for removing remote-control trojans, in particular one based on network-side traffic reinjection. The traffic reinjection may be implemented in any manner, including but not limited to: policy-based routing, MPLS VPN, layer-2 transparent transmission, dual links and so on. The method includes the following steps:
S101: obtain at least one packet from network traffic.
Specifically, a DPI traffic-collection device captures the packets in the network traffic. In a complete network communication, the controller end and the controlled end communicate in the form of a session, which includes the request packets and response packets sent and received. A packet collected by the DPI device may be a request packet or a response packet, and may be an ordinary packet or a trojan communication packet.
S102: build the preset communication feature rule base.
Specifically, at least one byte sequence is extracted from the payload data as the primary feature;
at least one attribute feature is extracted from the network message;
the primary feature and the attribute feature are combined to form a communication feature that identifies the remote-control trojan.
The attribute features of the network message include any one or a combination of: packet size, protocol, five-tuple constraints, request-packet/response-packet constraints, time interval and so on.
The payload data is obtained by analyzing and decrypting the communication protocol of the remote-control trojan.
Combining the primary feature with attribute features yields the communication feature of a specific remote-control trojan. Because it merges the data features of the trojan with the data features of the network message, it can uniquely identify the remote-control trojan and the network environment in which the trojan sits. The arrangement and storage of data within a communication feature may follow those of ordinary packets and are not specifically limited here. In the rule base that is built, communication features may be combined in any way; for a trojan with complex communication features, several communication features may be used together to characterize and identify it.
Optionally, S102 may be performed after S101 or before S101; the execution order is not specifically limited.
S103: match the at least one packet against the preset communication feature rule base to obtain hit packets.
Specifically, the packet is reassembled, decompressed and decrypted, and matched against the communication features in the preset communication feature rule base;
After the packet has been reassembled, decompressed and decrypted, the resulting data is matched in turn against the communication features in the rule base. Optionally, to improve matching efficiency, the attribute features of the network message may be matched first and, once those are confirmed, the primary features matched one by one.
If the communication feature in the packet is identical to a communication feature in the preset communication feature rule base, the packet is determined to be a hit packet. Otherwise, execution of the method ends.
A hit packet is a trojan packet that contains the communication feature.
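The rule structure of S102 and the attribute-first matching of S103 can be sketched as follows. This is an added example, not code from the patent: the rule, the byte sequence, the addresses and the packets are all constructed for illustration, zlib stands in for the decompression step, and reassembly and decryption (which are protocol-specific) are omitted.

```python
import zlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str         # "tcp" or "udp"
    is_request: bool   # True for a request packet, False for a response
    payload: bytes


@dataclass(frozen=True)
class Rule:
    """One communication feature: attribute features plus a primary feature."""
    name: str
    # Attribute features of the network message (None means "any").
    proto: str
    dport: Optional[int]
    is_request: Optional[bool]
    min_len: int                  # bounds on the on-wire payload size
    max_len: int
    # Primary feature: a byte sequence taken from the payload.
    pattern: bytes
    offset: Optional[int] = None  # fixed offset, or None for "anywhere"


def normalize(payload: bytes) -> bytes:
    """Decompression step of S103; falls back to the raw bytes if not zlib."""
    try:
        return zlib.decompress(payload)
    except zlib.error:
        return payload


def attributes_match(rule: Rule, pkt: Packet) -> bool:
    """Cheap checks on header fields and size, done before touching the payload."""
    if rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.is_request is not None and rule.is_request != pkt.is_request:
        return False
    return rule.min_len <= len(pkt.payload) <= rule.max_len


def primary_match(rule: Rule, data: bytes) -> bool:
    """Compare the primary feature against the normalized payload."""
    if rule.offset is None:
        return rule.pattern in data
    return data[rule.offset:rule.offset + len(rule.pattern)] == rule.pattern


def match_packets(rules: List[Rule], packets: List[Packet]) -> List[Tuple[int, str]]:
    """Return (packet index, rule name) for every hit packet."""
    hits = []
    for i, pkt in enumerate(packets):
        # Attribute features first: most traffic is discarded here.
        candidates = [r for r in rules if attributes_match(r, pkt)]
        if not candidates:
            continue
        data = normalize(pkt.payload)  # only decompress likely candidates
        for rule in candidates:
            if primary_match(rule, data):
                hits.append((i, rule.name))
    return hits


# Constructed rule: the marker bytes and port do not belong to any real family.
MARKER = b"\x7fDEMO\x01"
RULES = [Rule("demo-family-v1-checkin", "tcp", 8081, True, 8, 256, MARKER, 0)]

# Constructed traffic (documentation address ranges).
PACKETS = [
    # 0: plain check-in, marker at offset 0 -> hit
    Packet("192.0.2.10", "198.51.100.7", 50001, 8081, "tcp", True,
           MARKER + b"host=lab-pc-01;os=demo"),
    # 1: same message zlib-compressed -> hit after decompression
    Packet("192.0.2.11", "198.51.100.7", 50002, 8081, "tcp", True,
           zlib.compress(MARKER + b"host=lab-pc-02;os=demo")),
    # 2: ordinary web request -> rejected by attribute features (port)
    Packet("192.0.2.12", "203.0.113.5", 50003, 80, "tcp", True,
           b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # 3: right port, marker present but not at the expected offset -> no hit
    Packet("192.0.2.13", "198.51.100.7", 50004, 8081, "tcp", True,
           b"GET /?q=" + MARKER + b" HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for index, name in match_packets(RULES, PACKETS):
        print(f"packet {index} hit rule {name}")
```

Packet 3 shows why the patent combines the two feature types: the byte sequence alone would match, but the offset constraint rejects it.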
S104: divert the traffic that includes the hit packets to the remote-control trojan countermeasure device.
Specifically, information about the traffic is obtained according to a countermeasure strategy;
the traffic is diverted to the remote-control trojan countermeasure device according to the information about the traffic; wherein the information about the traffic includes any one or a combination of the remote-control trojan family, the remote-control trojan version and the protocol port obtained according to the countermeasure strategy.
In S103, after reassembly, decompression and decryption, the hit traffic reveals the remote-control trojan family, the remote-control trojan version and the protocol port. The countermeasure strategy is formulated from this information, and the hit traffic is diverted to the corresponding port of the trojan countermeasure device.
S105: the remote-control trojan countermeasure device establishes a connection with the controlled end of the remote-control trojan through traffic reinjection and sends a self-destruct instruction.
Specifically, the remote-control trojan countermeasure device simulates the controller end of the remote-control trojan;
after receiving the traffic that includes the hit packets, it establishes a connection with the controlled end of the remote-control trojan;
it sends the self-destruct instruction to the controlled end of the remote-control trojan; wherein the remote-control trojan countermeasure device includes any one or a combination of: the communication protocol of the controller end of at least one remote-control trojan, at least one authentication method by which a remote-control trojan verifies going online, and a payload containing the self-destruct instruction.
The remote-control trojan countermeasure device comprises hardware and a software environment. On the software side, it can simulate in software part of the communication protocol of the controller end of multiple known remote-control trojans, and is preconfigured with multiple methods for verifying login and going online and with payloads for the self-destruct instruction. After receiving the hit traffic delivered by traffic diversion, it simulates the controller end of the remote-control trojan, modifies network parameters in real time and actively establishes a connection with the controlled end. The process by which the simulated controller end connects to the controlled end is in essence the process of initiating a man-in-the-middle attack. Unlike blocking techniques and honeypot techniques, which take over the controller end of the remote-control trojan, the man-in-the-middle attack establishes a connection directly with the controlled end. Once the simulated controller end is connected to the controlled end, the remote-control trojan countermeasure device can send the preset self-destruct instruction to the controlled end.
S106: the remote-control trojan performs self-destruction after receiving the self-destruct instruction.
After the remote-control trojan running on the controlled end receives the self-destruct instruction, it executes the self-destruct task and thoroughly destroys the running trojan program. The destruction runs in the background and does not affect the normal display or operation of the controlled device.
In the method for removing remote-control trojans provided by this embodiment of the invention, building a communication feature base for remote-control trojans allows trojan packets to be identified in traffic with high accuracy and high efficiency. By diverting the hit traffic to the countermeasure device, the parameters of the network environment can be changed through the settings of the countermeasure device, so that the controller end is simulated realistically. By using traffic reinjection, the simulated controller end establishes a connection with the controlled end and sends a destruction instruction to the trojan on the controlled end, which can thoroughly destroy the trojan program and improve network security.
Referring to Fig. 2, another preferred embodiment of the invention provides a device for removing remote-control trojans. The device includes:
an acquisition module 201, for obtaining at least one packet from network traffic; specifically, a DPI traffic-collection device is used to obtain at least one packet from the network traffic.
a matching module 202, for matching the at least one packet against the preset communication feature rule base to obtain hit packets.
a diversion module 203, for diverting the traffic that includes the hit packets to the remote-control trojan countermeasure device.
a man-in-the-middle module 204, for the remote-control trojan countermeasure device to establish a connection with the controlled end of the remote-control trojan through traffic reinjection and send a self-destruct instruction.
a destruction module 205, for performing self-destruction after the remote-control trojan receives the self-destruct instruction.
The device further includes a communication feature building module 206, for:
extracting at least one byte sequence from the payload as the primary feature;
extracting at least one attribute feature from the network message;
combining the primary feature and the attribute feature to form a communication feature that identifies the remote-control trojan.
Specifically, the matching module 202 is configured to:
reassemble, decompress and decrypt the packet, and match it against the communication features in the preset communication feature rule base;
if the communication feature in the packet is identical to a communication feature in the preset communication feature rule base, determine that the packet is a hit packet.
Specifically, the diversion module 203 is configured to:
obtain information about the traffic according to a countermeasure strategy;
divert the traffic to the remote-control trojan countermeasure device according to the information about the traffic; wherein the information about the traffic includes any one or a combination of the remote-control trojan family, the remote-control trojan version and the protocol port obtained according to the countermeasure strategy.
The man-in-the-middle module 204 is specifically configured so that:
the remote-control trojan countermeasure device simulates the controller end of the remote-control trojan;
after receiving the traffic that includes the hit packets, it establishes a connection with the controlled end of the remote-control trojan;
it sends the self-destruct instruction to the controlled end of the remote-control trojan.
The remote-control trojan countermeasure device includes any one or a combination of: the communication protocol of the controller end of at least one remote-control trojan, at least one authentication method by which a remote-control trojan verifies going online, and a payload containing the self-destruct instruction.
The embodiments of the invention provide a device for removing remote-control trojans. The communication feature building module 206 builds a communication feature base for remote-control trojans, so that trojan packets can be identified in traffic with high accuracy and high efficiency. The diversion module 203 diverts the hit traffic to the countermeasure device, so that the parameters of the network environment can be changed through the settings of the countermeasure device and the controller end is simulated realistically. The man-in-the-middle attack module 204 uses traffic reinjection to simulate the controller end and establish a connection with the controlled end, and thereby sends a destruction instruction to the trojan on the controlled end. After the destruction instruction is received, the destruction module 205 can thoroughly destroy the trojan program, improving network security.
It should be noted that the described embodiment is illustrated only with the described division into functional modules. In practice, the functions may be assigned to different functional modules as needed; that is, the internal structure of the device may be divided into different functional modules to perform all or part of the functions described above. In addition, the method and the device for removing remote-control trojans provided by the described embodiments belong to the same concept; for the specific implementation, see the method embodiment, which is not repeated here.
The foregoing is only a description of preferred embodiments of the invention and is not intended to limit the invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. A method for removing remote-control trojans, characterized in that the method includes:
obtaining at least one packet from network traffic;
matching the at least one packet against a preset communication feature rule base to obtain hit packets;
diverting the traffic that includes the hit packets to a remote-control trojan countermeasure device;
the remote-control trojan countermeasure device establishing a connection with the controlled end of the remote-control trojan through traffic reinjection and sending a self-destruct instruction;
the remote-control trojan performing self-destruction after receiving the self-destruct instruction.
2. The method according to claim 1, characterized in that, before matching the at least one packet against the preset communication feature rule base to obtain hit packets, the method further includes:
extracting at least one byte sequence from the payload as the primary feature;
extracting at least one attribute feature from the network message;
combining the primary feature and the attribute feature to form a communication feature that identifies the remote-control trojan.
3. The method according to claim 1, characterized in that matching the at least one packet against the preset communication feature rule base to obtain hit packets includes:
reassembling, decompressing and decrypting the packet, and matching it against the communication features in the preset communication feature rule base;
if the communication feature in the packet is identical to a communication feature in the preset communication feature rule base, determining that the packet is a hit packet.
4. The method according to claim 1, characterized in that diverting the traffic that includes the hit packets to the remote-control trojan countermeasure device includes:
obtaining information about the traffic according to a countermeasure strategy;
diverting the traffic to the remote-control trojan countermeasure device according to the information about the traffic; wherein the information about the traffic includes any one or a combination of the remote-control trojan family, the remote-control trojan version and the protocol port obtained according to the countermeasure strategy.
5. The method according to claim 1, characterized in that the remote-control trojan countermeasure device establishing a connection with the controlled end of the remote-control trojan through traffic reinjection and sending a self-destruct instruction includes:
the remote-control trojan countermeasure device simulating the controller end of the remote-control trojan;
after receiving the traffic that includes the hit packets, establishing a connection with the controlled end of the remote-control trojan;
sending the self-destruct instruction to the controlled end of the remote-control trojan; wherein the remote-control trojan countermeasure device includes any one or a combination of: the communication protocol of the controller end of at least one remote-control trojan, at least one authentication method by which a remote-control trojan verifies going online, and a payload containing the self-destruct instruction.
6. A remote-control Trojan removal device, characterized in that the device comprises:
An acquisition module, configured to obtain at least one packet in network traffic;
A matching module, configured to match the at least one packet against a preset communication feature rule base to obtain a hit packet;
A diversion module, configured to divert the traffic that includes the hit packet to a remote-control Trojan countermeasure device;
A man-in-the-middle module, configured for the remote-control Trojan countermeasure device to establish a connection with the controlled end of the remote-control Trojan through traffic re-injection and to send a self-destruct instruction;
A destruction module, configured to perform self-destruction after the remote-control Trojan receives the self-destruct instruction.
7. The device according to claim 6, characterized in that the device further comprises a communication feature construction module, configured to:
Extract at least one segment of bytecode in the payload as a primary feature;
Extract at least one attribute feature from the network message;
Combine the primary feature and the attribute feature to form a communication feature that identifies the remote-control Trojan.
8. The device according to claim 6, characterized in that the matching module is specifically configured to:
Reassemble, decompress and decrypt the packet, and match it against the communication features in the preset communication feature rule base;
If a communication feature in the packet is identical to a communication feature in the preset communication feature rule base, determine that the packet is the hit packet.
9. The device according to claim 6, characterized in that the diversion module is specifically configured to:
Obtain information about the traffic according to a countermeasure policy;
Divert the traffic to the remote-control Trojan countermeasure device according to the information about the traffic; wherein the information about the traffic includes any one, or a combination of more than one, of the remote-control Trojan type, the remote-control Trojan version and the protocol port obtained according to the countermeasure policy.
10. The device according to claim 6, characterized in that the man-in-the-middle module is specifically configured to:
Have the remote-control Trojan countermeasure device simulate the master end of the remote-control Trojan;
After receiving the traffic that includes the hit packet, establish a connection with the controlled end of the remote-control Trojan;
Send the self-destruct instruction to the controlled end of the remote-control Trojan; wherein the remote-control Trojan countermeasure device includes any one, or a combination of more than one, of: the master-end communication protocol of at least one remote-control Trojan, a verification method for the go-online verification of at least one remote-control Trojan, and a payload including the self-destruct instruction.
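The following sketch is an added illustration, not part of the patent text or the applicant's implementation. It shows the communication-feature idea from the device claims above: a payload byte segment as primary feature, combined with message attribute features, matched against both the raw and the decompressed payload. The rule name, marker bytes, ports and packets are constructed for the example, and reassembly and decryption are omitted.

```python
import zlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                 # simplified view of one reassembled message
    proto: str
    dst_port: int
    payload: bytes

@dataclass(frozen=True)
class CommFeature:            # one entry of the communication-feature rule base
    name: str                 # hypothetical rule label
    byte_seq: bytes           # primary feature: byte segment in the payload
    offset: Optional[int]     # fixed position of byte_seq, or None for anywhere
    proto: str                # attribute feature: transport protocol
    dst_ports: frozenset      # attribute feature: expected destination ports

def payload_views(payload: bytes) -> list:
    """Raw payload, plus its inflated form when it is a valid zlib stream."""
    try:
        return [payload, zlib.decompress(payload)]
    except zlib.error:
        return [payload]      # not compressed: match on the raw bytes only

def match(packet: Packet, rules: list) -> list:
    """Return names of rules whose primary AND attribute features all match."""
    hits = []
    for rule in rules:
        if packet.proto != rule.proto or packet.dst_port not in rule.dst_ports:
            continue          # attribute features gate the byte comparison
        for view in payload_views(packet.payload):
            found = (rule.byte_seq in view if rule.offset is None
                     else view.startswith(rule.byte_seq, rule.offset))
            if found:
                hits.append(rule.name)
                break
    return hits

# Constructed rule and traffic; the marker bytes are invented for this example.
MARKER = b"\x7fEXAMPLE-HELLO"
RULES = [CommFeature("example-checkin", MARKER, 0, "tcp", frozenset({8000}))]
PACKETS = [
    Packet("tcp", 8000, zlib.compress(MARKER + b"|host=lab1")),  # compressed hit
    Packet("tcp", 8000, MARKER + b"|host=lab2"),                 # plain hit
    Packet("tcp", 443, MARKER + b"|host=lab3"),                  # wrong port
    Packet("tcp", 8000, b"GET / HTTP/1.1\r\n" + MARKER),         # wrong offset
]
```

Requiring the attribute features as well as the byte segment is what keeps the last two packets from counting as hits, even though both carry the marker bytes.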
CN201610825391.XA 2016-09-14 2016-09-14 A remote control Trojan horse cleaning method and device Active CN106302520B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610825391.XA CN106302520B (en) 2016-09-14 2016-09-14 A remote control Trojan horse cleaning method and device

Publications (2)

Publication Number Publication Date
CN106302520A true CN106302520A (en) 2017-01-04
CN106302520B CN106302520B (en) 2019-10-11

Family

ID=57711730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610825391.XA Active CN106302520B (en) 2016-09-14 2016-09-14 A remote control Trojan horse cleaning method and device

Country Status (1)

Country Link
CN (1) CN106302520B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067370A (en) * 2012-12-24 2013-04-24 珠海市君天电子科技有限公司 Method of identifying remote control Trojan and device thereof
CN103179105A (en) * 2012-10-25 2013-06-26 四川省电力公司信息通信公司 Intelligent Trojan horse detecting device based on behavior features in network flows and method thereof
CN105049273A (en) * 2014-12-05 2015-11-11 哈尔滨安天科技股份有限公司 Method and system for detecting Trojan virus by simulating network activities

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106992992A (en) * 2017-05-24 2017-07-28 南京中孚信息技术有限公司 A kind of Trojan detecting method based on communication behavior
CN106992992B (en) * 2017-05-24 2020-02-11 南京中孚信息技术有限公司 Trojan horse detection method based on communication behaviors
CN113722705A (en) * 2021-11-02 2021-11-30 北京微步在线科技有限公司 Malicious program clearing method and device
CN114024778A (en) * 2022-01-06 2022-02-08 北京微步在线科技有限公司 Trojan horse removing method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN106302520B (en) 2019-10-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100191 Beijing City, North Third Ring Road West, No. 27, building 25, room five, floor 5002

Applicant after: EVERSEC (BEIJING) TECHNOLOGY Co.,Ltd.

Address before: 100191 Beijing City, North Third Ring Road West, No. 27, building 25, room five, floor 5002

Applicant before: EVERSEC (BEIJING) TECHNOLOGY Co.,Ltd.

GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170104

Assignee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd.

Assignor: EVERSEC (BEIJING) TECHNOLOGY Co.,Ltd.

Contract record no.: X2023110000035

Denomination of invention: A remote control Trojan horse cleaning method and device

Granted publication date: 20191011

License type: Exclusive License

Record date: 20230317

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A remote control Trojan cleaning method and device

Effective date of registration: 20230323

Granted publication date: 20191011

Pledgee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd.

Pledgor: EVERSEC (BEIJING) TECHNOLOGY Co.,Ltd.

Registration number: Y2023110000116
