CN106302520B - A kind of far control class wooden horse sweep-out method and device - Google Patents
A kind of far control class wooden horse sweep-out method and device Download PDFInfo
- Publication number
- CN106302520B CN106302520B CN201610825391.XA CN201610825391A CN106302520B CN 106302520 B CN106302520 B CN 106302520B CN 201610825391 A CN201610825391 A CN 201610825391A CN 106302520 B CN106302520 B CN 106302520B
- Authority
- CN
- China
- Prior art keywords
- wooden horse
- remote control
- control class
- data packet
- class wooden
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of remote control class wooden horse sweep-out method and devices, belong to network safety filed, which is characterized in that the described method includes: obtaining at least one data packet in network flow;At least one described data packet is matched according to preset communication feature rule base, the data packet hit;The flow lead of data packet including the hit to remote control class wooden horse is broken through into device;The remote control class wooden horse counter device establishes connection and send self-marketing by the controlled terminal of flow re-injection and the remote control class wooden horse ruins instruction;The remote control class wooden horse executes destruction after receiving the instruction from destruction.Technical solution disclosed by the invention is based on the remote control class wooden horse main control end of network side flow reinjection technique simulation and controlled terminal establishes connection, sends to controlled terminal from instruction is destroyed, thoroughly destroys the trojan horse program of controlled terminal, improve internet security.
Description
Technical field
The present invention relates to cyberspace security technology area, in particular to a kind of remote control class wooden horse sweep-out method and device.
Background technique
Social now, with the high speed development of science and technology, the equipment for accessing internet is also more and more, the clothes run in equipment
It is engaged in also rich and varied, huge Internet market brings huge business opportunity, while also under cover titanic peril, and trojan horse is just
It is one of.
Wooden horse in computer generally includes two parts: main control end and controlled terminal, and main control end is controlled by the way that wooden horse to be implanted into
End, by network communication, main control end sends control command to controlled terminal, and controlled terminal is received and executed, so that it is controlled to reach control
The purpose at end, and being often controlled end subscriber can not find that oneself is controlled, sensitive information and document information of input etc.
It can be stolen by other side, cause greatly to lose.
It is removed in the prior art for remote control class wooden horse at present, lays particular emphasis on and blocked by network IP or malicious traffic stream cleaning
Method, reach and prevent connection between the controlled terminal and main control end of network side.But even if by main control end and controlled terminal it
Between connection prevent, still run trojan horse program on controlled terminal, these trojan horse programs have an opportunity through different channels, example
The realization self-renewings such as such as: online IP updates, and communication protocol updates, it is again online to be connect with main control end, continue to control controlled terminal.
Summary of the invention
To solve the above-mentioned problems, the present invention provides a kind of remote control class wooden horse sweep-out method and device, pass through go-between
Attack method simulates main control end and sends destruction instruction to the wooden horse of controlled terminal, achievees the purpose that thoroughly remove trojan horse program.
The technical solution is as follows:
In a first aspect, providing a kind of remote control class wooden horse sweep-out method, which is characterized in that the described method includes:
Obtain at least one data packet in network flow;
At least one described data packet is matched according to preset communication feature rule base, the data hit
Packet;
The flow lead of data packet including the hit to remote control class wooden horse is broken through into device;
The remote control class wooden horse counter device establishes connection simultaneously by the controlled terminal of flow re-injection and the remote control class wooden horse
It sends from destruction instruction;
The remote control class wooden horse executes destruction after receiving the instruction from destruction.
With reference to first aspect, in the first possible embodiment, described according to preset communication feature rule base
At least one described data packet is matched, before the data packet hit, the method also includes:
At least one section of bytecode is as main feature in extraction payload;
Extract at least one attributive character in network message;
Combine the main feature and the attributive character communication feature to form the remote control class wooden horse of identification.
With reference to first aspect, described according to preset communication feature rule base pair in second of possible embodiment
At least one described data packet is matched, and the data packet hit includes:
The data packet is recombinated, decompressed and is decrypted, and with the communication in the preset communication feature rule base
Feature is matched;
If communication feature is identical as the communication feature in the preset communication feature rule base in the data packet, sentence
The fixed data packet is the data packet of the hit.
With reference to first aspect, in the third possible embodiment, the stream by the data packet including the hit
Amount traction breaks through device to remote control class wooden horse
According to counter strategy, the information of the flow is obtained;
The flow lead to remote control class wooden horse is broken through into device according to the information of the flow;Wherein, the flow
Information includes any one in the remote control class wooden horse type, remote control class wooden horse version and protocol port obtained according to counter strategy
Or a variety of combination.
With reference to first aspect, in the 4th kind of possible embodiment, the remote control class wooden horse counter device passes through flow
The controlled terminal of re-injection and the remote control class wooden horse, which establishes connection and sends self-marketing and ruin instruction, includes:
The main control end of class wooden horse is far controlled described in the remote control class wooden horse counter unit simulation;
After receiving includes the flow of data packet of the hit, establish between the controlled terminal of the remote control class wooden horse
Connection;
It is sent to the controlled terminal of the remote control class wooden horse described from destruction instruction;Wherein, the remote control class wooden horse counter dress
Set the communication protocol of the main control end including at least one remote control class wooden horse, at least one remote control class wooden horse verifies online authentication
The combination of any one or more in method and the payload instructed including oneself destruction.
Second aspect provides a kind of remote control class wooden horse remove device, which is characterized in that described device includes:
Module is obtained, for obtaining at least one data packet in network flow;
Matching module is obtained for being matched according to preset communication feature rule base at least one described data packet
To the data packet of hit;
Traction module, for will include the hit data packet flow lead to remote control class wooden horse counter device;
Go-between's module passes through the quilt of flow re-injection and the remote control class wooden horse for the remote control class wooden horse counter device
Control end, which establishes connection and sends self-marketing, ruins instruction;
Module is destroyed, for executing destruction from after destroying instruction described in the remote control class wooden horse reception.
In conjunction with second aspect, in the first possible embodiment, described device further includes communication feature building module,
For:
At least one section of bytecode is as main feature in extraction payload;
Extract at least one attributive character in network message;
Combine the main feature and the attributive character communication feature to form the remote control class wooden horse of identification.
In conjunction with second aspect, in second of possible embodiment, the matching module is specifically used for:
The data packet is recombinated, decompressed and is decrypted, and with the communication in the preset communication feature rule base
Feature is matched;
If communication feature is identical as the communication feature in the preset communication feature rule base in the data packet, sentence
The fixed data packet is the data packet of the hit.
In conjunction with second aspect, in the third possible embodiment, the traction module is specifically used for:
According to counter strategy, the information of the flow is obtained;
The flow lead to remote control class wooden horse is broken through into device according to the information of the flow;Wherein, the flow
Information includes any one in the remote control class wooden horse type, remote control class wooden horse version and protocol port obtained according to counter strategy
Or a variety of combination.
In conjunction with second aspect, in the 4th kind of possible embodiment, the traction module is specifically used for:
According to counter strategy, the information of the flow is obtained;
The flow lead to remote control class wooden horse is broken through into device according to the information of the flow;Wherein, the flow
Information includes any one in the remote control class wooden horse type, remote control class wooden horse version and protocol port obtained according to counter strategy
Or a variety of combination.
The embodiment of the invention provides a kind of remote control class wooden horse sweep-out method and devices, by constructing the logical of remote control class wooden horse
Believe feature database, wooden horse data packet can be identified in flow, accuracy is high, and recognition efficiency is high;Pass through the flow lead that will be hit
To counter device, the parameter in network environment can be changed by the setting of counter device, reach real simulation main control end and arrive
Purpose;By using flow reinjection technique, simulates main control end and controlled terminal establishes connection, sold to be sent to the wooden horse of controlled terminal
Instruction is ruined, trojan horse program can be thoroughly destroyed, improves internet security.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for
For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other
Attached drawing.
Fig. 1 is the remote control class wooden horse sweep-out method flow diagram that one embodiment of the present invention provides;
Fig. 2 is the remote control class wooden horse remove device structural schematic diagram that another preferred embodiment of the present invention provides.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached in the embodiment of the present invention
Figure, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only this
Invention a part of the embodiment, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art exist
Every other embodiment obtained under the premise of creative work is not made, shall fall within the protection scope of the present invention.
Referring to Fig. 1, a kind of remote control class wooden horse sweep-out method is provided in a preferred embodiment, and especially one kind is based on
The remote control class wooden horse sweep-out method of network side flow reinjection technique, wherein flow reinjection technique can be any way, including but
It is not limited to following: policybased routing, MPLS VPN, two layers of transparent transmission and dual link etc..Specifically include following methods:
At least one data packet in S101, acquisition network flow.
Specifically, the data packet in network flow is acquired using flow collection equipment DPI.In a complete net
In network communication, communicated in the form of session between main control end and controlled terminal, request packet and response bag including transmitting-receiving.
The collected data packet of DPI can be request packet and be also possible to response bag, can be general data packet and is also possible to wooden horse communication
Data packet.
S102, the preset communication feature rule base of building.
Specifically, extract payload data payload at least one section of bytecode as main feature;
Extract at least one attributive character in network message;
Combine main feature and attributive character the communication feature to form the remote control class wooden horse of identification.
Wherein, the attributive character of network message includes: size, agreement, the five-tuple restriction of data packet, request packet/response
Any one or more combinations in packet restriction and time interval etc..
Wherein, payload data payload is obtained by the communication protocol of analysis, the remote control class wooden horse of decryption.
By having merged remote control for the communication feature of the specific remote control class wooden horse of the combination building of main feature and attributive character
The data characteristics of class wooden horse and the data characteristics of network message can far be controlled class wooden horse with unique identification and identify the net where wooden horse
Network environment.Data arrangement and location mode in communication feature are referred to data arrangement and storage side in general data packet
Formula is not specifically limited herein.In the communication feature rule base of building, the combination of communication feature can with any combination,
It, can be by multiple communication features come characterized and identification for complicated wooden horse communication feature.
Optionally, S102 can be after S101, can also be before S101, and execution sequence is not specifically limited.
S103, at least one data packet is matched according to preset communication feature rule base, the data hit
Packet.
Specifically, data packet recombinated, decompressed and is decrypted, and with the communication special in preset communication feature rule base
Sign is matched;
It, will be logical in obtained data information and communication feature rule base after being recombinated, decompressed and being decrypted to data packet
Letter feature is successively matched.Optionally, in order to improve matched efficiency, can first matching network message attributive character, to
After determination, main feature is being matched item by item.
If communication feature is identical as the communication feature in preset communication feature rule base in data packet, data packet is determined
For the data packet of hit.Otherwise, terminate the execution of this method.
Wherein, the data packet of hit is the wooden horse data packet comprising communication feature.
S104, the flow lead of the data packet including hit to remote control class wooden horse is broken through into device.
Specifically, according to counter strategy, the information of flow is obtained;
Flow lead to remote control class wooden horse is broken through into device according to the information of flow;Wherein, the information of flow includes basis
The group of any one or more in remote control class wooden horse type, remote control class wooden horse version and protocol port that counter strategy obtains
It closes.
Wherein, the flow hit in S103 can identify remote control class wooden horse type, remote control after recombination, decompression and decryption
Class wooden horse version and protocol port formulate counter strategy according to obtained above- mentioned information, thus by the flow lead of above-mentioned hit
To the corresponding ports of wooden horse counter device.
S105, remote control class wooden horse counter device are established connection by the controlled terminal of flow re-injection and remote control class wooden horse and are sent
It is instructed from destroying.
Specifically, far control class wooden horse breaks through the main control end that unit simulation far controls class wooden horse;
After receiving includes the flow of data packet of hit, the connection between the controlled terminal of remote control class wooden horse is established;
Instruction is destroyed certainly described in controlled terminal transmission to remote control class wooden horse;Wherein, far control class wooden horse counter device includes extremely
The few a kind of remote communication protocol of the main control end of control class wooden horse, at least one remote control class wooden horse verify online verification method and including
The combination of any one or more from the payload for destroying instruction.
Remote control class wooden horse counter device includes hardware device and software environment, can pass through software mould in terms of software environment
Intend a variety of known remote control class wooden horse main control end section communication agreements, and pre-sets the online verification method of a variety of logins
With from destroy instruction payload, when receive by flow lead come hit flow after, can simulate far control class wooden horse
Main control end actively establishes the connection with controlled terminal to network parameter real time modifying.Connection is established in simulation main control end and controlled terminal
Process nature be the process for initiating man-in-the-middle attack, be different from blocking technology and beeswax technology to remote control class wooden horse main control end
Adapter tube, man-in-the-middle attack is using directly establishing connection with controlled terminal.After simulation main control end and controlled terminal establish connection, far
Control class wooden horse counter device can be sent to controlled terminal from destruction instruction for preset.
S106, remote control class wooden horse execute destruction after instructing received from destruction.
Operate in controlled terminal remote control class wooden horse receive transmission from destroy instruction after, execute from destroy task, thoroughly
Destroy the trojan horse program of operation.Backstage is run in Destruction, does not influence the normal display and operation of controlled end equipment.
A kind of remote control class wooden horse sweep-out method provided in an embodiment of the present invention, by the communication feature for constructing remote control class wooden horse
Library can identify wooden horse data packet in flow, and accuracy is high, and recognition efficiency is high;It is extremely broken through by the flow lead that will be hit
Device can change the parameter in network environment by the setting of counter device, reach real simulation main control end to purpose;It is logical
It crosses using flow reinjection technique, simulation main control end and controlled terminal establish connection, instruction is destroyed to send to the wooden horse of controlled terminal,
Trojan horse program can be thoroughly destroyed, internet security is improved.
Referring to shown in Fig. 2, in another preferred embodiment of the present invention, a kind of remote control class wooden horse remove device is provided,
The device includes:
Module 201 is obtained, for obtaining at least one data packet in network flow;Specifically, it is set using flow collection
Standby DPI obtains at least one data packet in network flow.
Matching module 202 is obtained for being matched according to preset communication feature rule base at least one data packet
The data packet of hit.
Traction module 203, flow lead to the remote control class wooden horse for that will include the data packet hit break through device.
Go-between's module 204 passes through the controlled terminal of flow re-injection and remote control class wooden horse for far controlling class wooden horse counter device
It establishes connection and sends self-marketing and ruin instruction.
Destruction module 205 executes destruction for far controlling after class wooden horse is instructed received from destruction.
Wherein, which further includes communication feature building module 206, is used for:
At least one section of bytecode is as main feature in extraction payload;
Extract at least one attributive character in network message;
Combine main feature and attributive character the communication feature to form the remote control class wooden horse of identification.
Specifically, matching module 202 is specifically used for:
Data packet is recombinated, decompressed and is decrypted, and is carried out with the communication feature in preset communication feature rule base
Matching;
If communication feature is identical as the communication feature in preset communication feature rule base in data packet, data packet is determined
For the data packet of hit.
Specifically, traction module 203 is specifically used for:
According to counter strategy, the information of flow is obtained;
Flow lead to remote control class wooden horse is broken through into device according to the information of flow;Wherein, the information of flow includes basis
The group of any one or more in remote control class wooden horse type, remote control class wooden horse version and protocol port that counter strategy obtains
It closes.
Go-between's module 204 is specifically used for:
The main control end of remote control class wooden horse counter the controlled class wooden horse of unit simulation;
After receiving includes the flow of data packet of hit, the connection between the controlled terminal of remote control class wooden horse is established;
It sends to the controlled terminal of remote control class wooden horse from destruction instruction.
Wherein, far control class wooden horse counter device include at least one remote control class wooden horse main control end communication protocol, at least
A kind of remote control class wooden horse verifies online verification method and including any one from the payload for destroying instruction or more
The combination of kind.
The embodiment of the invention provides a kind of remote control class wooden horse remove device, communication feature building module 206 passes through building
The communication feature library of remote control class wooden horse, can identify wooden horse data packet in flow, and accuracy is high, and recognition efficiency is high;Draw mould
Block 203 passes through the flow lead of hit to device is broken through, and can be changed in network environment by the setting of counter device
Parameter reaches real simulation main control end to purpose;Man-in-the-middle attack module 204 simulates master control by using flow reinjection technique
Connection is established with controlled terminal in end, destroys instruction to send to the wooden horse of controlled terminal, destroys module 205 and picks above-mentioned destruction instruction
After can thoroughly destroy trojan horse program, improve internet security.
It should be understood that the embodiment is only with the division progress of each functional module for example, practical application
In, it can according to need and be completed by different functional modules the function distribution, i.e., be divided into the internal structure of device
Different functional modules, to complete all or part of the functions described above.In addition, the remote control class wood that the embodiment provides
Horse sweep-out method and device belong to same design, implement process detailed in Example, which is not described herein again.
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and
Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.
Claims (8)
1. a kind of remote control class wooden horse sweep-out method, which is characterized in that the described method includes:
Obtain at least one data packet in network flow;
At least one described data packet is matched according to preset communication feature rule base, the data packet hit;
The flow lead of data packet including the hit to remote control class wooden horse is broken through into device;
The flow lead by the data packet including the hit breaks through device to remote control class wooden horse
According to counter strategy, the information of the flow is obtained;
The flow lead to remote control class wooden horse is broken through into device according to the information of the flow;Wherein, the information of the flow
Including in the remote control class wooden horse type, remote control class wooden horse version and protocol port that are obtained according to counter strategy any one or it is more
The combination of kind;
The remote control class wooden horse counter device is established connection by the controlled terminal of flow re-injection and the remote control class wooden horse and is sent
It is instructed from destroying;
The remote control class wooden horse executes destruction after receiving the instruction from destruction.
2. the method according to claim 1, wherein it is described according to preset communication feature rule base to described
At least one data packet is matched, before the data packet hit, the method also includes:
At least one section of bytecode is as main feature in extraction payload;
Extract at least one attributive character in network message;
Combine the main feature and the attributive character communication feature to form the remote control class wooden horse of identification.
3. the method according to claim 1, wherein it is described according to preset communication feature rule base to it is described extremely
A few data packet is matched, and the data packet hit includes:
The data packet is recombinated, decompressed and is decrypted, and with the communication feature in the preset communication feature rule base
It is matched;
If communication feature is identical as the communication feature in the preset communication feature rule base in the data packet, institute is determined
State the data packet that data packet is the hit.
4. the method according to claim 1, wherein remote control class wooden horse counter device by flow re-injection with
The controlled terminal of the remote control class wooden horse, which establishes connection and sends self-marketing and ruin instruction, includes:
The main control end of class wooden horse is far controlled described in the remote control class wooden horse counter unit simulation;
After receiving includes the flow of data packet of the hit, the company between the controlled terminal of the remote control class wooden horse is established
It connects;
It is sent to the controlled terminal of the remote control class wooden horse described from destruction instruction;Wherein, the remote control class wooden horse breaks through device packet
Include the communication protocol of the main control end of at least one remote control class wooden horse, at least one remote control class wooden horse verifies online verification method and
Including the combination of any one or more from the payload for destroying instruction.
5. a kind of remote control class wooden horse remove device, which is characterized in that described device includes:
Module is obtained, for obtaining at least one data packet in network flow;
Matching module is ordered for being matched according to preset communication feature rule base at least one described data packet
In data packet;
Traction module, for will include the hit data packet flow lead to remote control class wooden horse counter device;
The traction module is specifically used for:
According to counter strategy, the information of the flow is obtained;
The flow lead to remote control class wooden horse is broken through into device according to the information of the flow;Wherein, the information of the flow
Including in the remote control class wooden horse type, remote control class wooden horse version and protocol port that are obtained according to counter strategy any one or it is more
The combination of kind;
Go-between's module passes through the controlled terminal of flow re-injection and the remote control class wooden horse for the remote control class wooden horse counter device
It establishes connection and sends self-marketing and ruin instruction;
Module is destroyed, for executing destruction from after destroying instruction described in the remote control class wooden horse reception.
6. device according to claim 5, which is characterized in that described device further includes communication feature building module, is used for:
At least one section of bytecode is as main feature in extraction payload;
Extract at least one attributive character in network message;
Combine the main feature and the attributive character communication feature to form the remote control class wooden horse of identification.
7. device according to claim 5, which is characterized in that the matching module is specifically used for:
The data packet is recombinated, decompressed and is decrypted, and with the communication feature in the preset communication feature rule base
It is matched;
If communication feature is identical as the communication feature in the preset communication feature rule base in the data packet, institute is determined
State the data packet that data packet is the hit.
8. device according to claim 5, which is characterized in that go-between's module is specifically used for:
The main control end of class wooden horse is far controlled described in the remote control class wooden horse counter unit simulation;
After receiving includes the flow of data packet of the hit, the company between the controlled terminal of the remote control class wooden horse is established
It connects;
It is sent to the controlled terminal of the remote control class wooden horse described from destruction instruction;Wherein, the remote control class wooden horse breaks through device packet
Include the communication protocol of the main control end of at least one remote control class wooden horse, at least one remote control class wooden horse verifies online verification method and
Including the combination of any one or more from the payload for destroying instruction.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610825391.XA CN106302520B (en) | 2016-09-14 | 2016-09-14 | A kind of far control class wooden horse sweep-out method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610825391.XA CN106302520B (en) | 2016-09-14 | 2016-09-14 | A kind of far control class wooden horse sweep-out method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106302520A CN106302520A (en) | 2017-01-04 |
| CN106302520B true CN106302520B (en) | 2019-10-11 |
Family
ID=57711730
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610825391.XA Active CN106302520B (en) | 2016-09-14 | 2016-09-14 | A kind of far control class wooden horse sweep-out method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106302520B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106992992B (en) * | 2017-05-24 | 2020-02-11 | 南京中孚信息技术有限公司 | Trojan horse detection method based on communication behaviors |
| CN113722705B (en) * | 2021-11-02 | 2022-02-08 | 北京微步在线科技有限公司 | Malicious program clearing method and device |
| CN114024778A (en) * | 2022-01-06 | 2022-02-08 | 北京微步在线科技有限公司 | Trojan horse removing method and device, electronic equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103067370A (en) * | 2012-12-24 | 2013-04-24 | 珠海市君天电子科技有限公司 | Method of identifying remote control Trojan and device thereof |
| CN103179105A (en) * | 2012-10-25 | 2013-06-26 | 四川省电力公司信息通信公司 | Intelligent Trojan horse detecting device based on behavior features in network flows and method thereof |
| CN105049273A (en) * | 2014-12-05 | 2015-11-11 | 哈尔滨安天科技股份有限公司 | Method and system for detecting Trojan virus by simulating network activities |
-
2016
- 2016-09-14 CN CN201610825391.XA patent/CN106302520B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103179105A (en) * | 2012-10-25 | 2013-06-26 | 四川省电力公司信息通信公司 | Intelligent Trojan horse detecting device based on behavior features in network flows and method thereof |
| CN103067370A (en) * | 2012-12-24 | 2013-04-24 | 珠海市君天电子科技有限公司 | Method of identifying remote control Trojan and device thereof |
| CN105049273A (en) * | 2014-12-05 | 2015-11-11 | 哈尔滨安天科技股份有限公司 | Method and system for detecting Trojan virus by simulating network activities |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106302520A (en) | 2017-01-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106599694B (en) | Security protection manages method, computer system and computer readable memory medium | |
| CN106790034B (en) | A kind of method of internet of things equipment certification and secure accessing | |
| CN109565500A (en) | On-demand security architecture | |
| CN103428211B (en) | Network authentication system based on switch and authentication method thereof | |
| CN105049412B (en) | Data safety exchange method, device and equipment between a kind of heterogeneous networks | |
| CN106302520B (en) | A kind of far control class wooden horse sweep-out method and device | |
| CN106790091A (en) | A kind of cloud security guard system and flow cleaning method | |
| ES2768049T3 (en) | Procedures and systems to secure and protect repositories and directories | |
| CN104584507B (en) | It is authenticated by the first equipment of switching station pair | |
| CN103095701A (en) | Open flow table security enhancement method and device | |
| CN103530490A (en) | Simulator-type plug-in identification method and system for networking game | |
| CN106230594B (en) | A method of user authentication is carried out based on dynamic password | |
| CN111294333B (en) | Construction system of open type adaptive vulnerability drilling platform | |
| CN110024347A (en) | Safety building network structure | |
| EP3192226B1 (en) | Device and method for controlling a communication network | |
| CN108718297A (en) | Ddos attack detection method, device, controller and medium based on BP neural network | |
| JP2015231138A (en) | Cyber attack practice system, practice environment providing method, and, practice environment providing program | |
| CN109302397B (en) | Network security management method, platform and computer readable storage medium | |
| CN105897536A (en) | Network game accelerating system based on overlay network | |
| CN101420299B (en) | Method for enhancing stability of intelligent cipher key equipment and intelligent cipher key equipment | |
| CN106537873B (en) | Establish the secure computing devices for virtualization and management | |
| CN112491896B (en) | Trusted access authentication system based on virtualization network | |
| CN104363230B (en) | A kind of method that flood attack is protected in desktop virtualization | |
| CN201499183U (en) | Virtual network separation system | |
| CN105429867B (en) | A kind of pattern of fusion home gateway and its access method of application service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100191 Beijing City, North Third Ring Road West, No. 27, building 25, room five, floor 5002 Applicant after: EVERSEC (BEIJING) TECHNOLOGY Co.,Ltd. Address before: 100191 Beijing City, North Third Ring Road West, No. 27, building 25, room five, floor 5002 Applicant before: EVERSEC (BEIJING) TECHNOLOGY Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170104 Assignee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd. Assignor: EVERSEC (BEIJING) TECHNOLOGY Co.,Ltd. Contract record no.: X2023110000035 Denomination of invention: A remote control Trojan horse cleaning method and device Granted publication date: 20191011 License type: Exclusive License Record date: 20230317 |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A remote control Trojan cleaning method and device Effective date of registration: 20230323 Granted publication date: 20191011 Pledgee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd. Pledgor: EVERSEC (BEIJING) TECHNOLOGY Co.,Ltd. Registration number: Y2023110000116 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |