Computer Science

Computer Science ›› 2016, Vol. 43 ›› Issue (4): 150-154.doi: 10.11896/j.issn.1002-137X.2016.04.030

Previous Articles     Next Articles

Trojans Keep-alive Behavior Detection Approach Based on Wavelet Transform

BAI Hong, PANG Jian-min, DAI Chao and YUE Feng   

  • Online:2018-12-01 Published:2018-12-01

PDF (PC)

853

Abstract: Trojans keep-alive behavior detection algorithms generally are based on the method of clustering,which can hardly avoid the interference of other packets in the network,leading to false positive results.Therefore,this paper proposed a Trojans keep-alive behavior detection approach based on wavelet transform.In this approach,firstly,TCP packetsstream is described by packet length signal,then the signal is processed by compelling threshold denoising method based on Mallat theory,and finally detection results can be acquired through detail information decision algorithm based on packet rate.Experiments show that this approach can detect Trojan keep-alive behavior effectively and has better anti-interference.

Key words: Trojans keep-alive behavior,Packet length signal,Mallat theory,Wavelet transform

[1] Scarfone K,Mell P.Guide to intrusion detection and prevention systems (idps)[J].National Institute of Standards and Techno-logy Special Publication,2007,2007(800):94
[2] Ding Wei-qiu,A detection technology based on network beha-vioral characteristics of Trojan [D].Nanjing:Nanjing University of Posts and Telecommunications,2013(in Chinese) 丁卫球.基于网络行为特征的木马检测技术[D].南京:南京邮电大学,2013
[3] Xia Ai-min,Zhang Hong-zhi,Yang Wei-feng.Trojan Horse Detection Technology based on Characteristics of Comprehensive Behavior[J].Information Security and Communications Privacy,2014(6):109-113(in Chinese) 夏爱民,张宏志,杨伟锋.基于综合行为特征的木马检测技术研究[J].信息安全与通信保密,2014(6):109-113
[4] Ma Li-jun.The survey of theft Trojan Detection based on behavior detection[J].Journal of Guangxi University for Nationali-ties(Natural Science Edition),2014,20(2):70-74(in Chinese) 马立军.基于行为检测的窃密型木马检测研究[J].广西民族大学学报(自然科学版),2014,20(2):70-74
[5] Tao He,Hao Zhong.Network heartbeat packets recognition basedon DTW and HC-FCM algorithm[C]∥2010 Sixth International Conference on Natural Computation (ICNC).IEEE,2010,6:3190-3193
[6] Yi Jun-kai,Chen Li,Sun Jian-wei.Data flow clustering detection approach of network heartbeat packet sequence[J].Computer Engineering,2011,37(24):61-63
[7] Pu Yi-guo,Chen Xiao-jun,Cui Xu,et al.Data Stolen Trojan Detection based on Network Behaviors[J].Procedia Computer Science,2013,17:828-835
[8] Meng Lei,Liu Sheng-li,Liu Long,et al.Trojan Rapid Detection Method Based on Heartbeat Behavior Analysis[J].Computer Engineering 2012,38(14):13-16(in Chinese) 孟磊,刘胜利,刘龙,等.基于心跳行为分析的木马快速检测方法[J].计算机工程,2012,38(14):13-16
[9] Wu Xiao-pei,Song Jun-ke,Guo Xiao-jing,et al.The Online Envelope Detection Based on Sliding Window ICA and Its Application to Brain-Computer Interface[J].Acta Biophysica Sinica,2012,28(11):896-909(in Chinese) 吴小培,宋俊可,郭晓静,等.基于滑动窗独立分量分析的在线包络检测新方法及其在脑-机接口中的应用[J].生物物理学报,2012,28(11):896-909
[10] Oppenheim A V,Willsky A S,Nawab S H.Signals and systems[M].Englewood Cliffs,NJ:Prentice-Hall,1983
[11] Yang Yue-xiang.The Research on the Algorithms of Information Hiding and Network Traffic Detection Based on Wavelet Analysis[D].Changsha:National University of Defense Technology,2008(in Chinese) 杨岳湘.基于小波变换的信息隐藏与网络流量检测方法研究[D].长沙:国防科学技术大学,2008
[12] Yang Ji-peng,Liu Xue-cheng.Study of The NetWork Abnormal Detection Based on The Wavelet Transforms[J].Journal of Shanghai Agicultural University(Natural Science),2011(1):95-99(in Chinese) 杨继鹏,刘学诚.基于小波变换的网络异常检测研究[J].山东农业大学学报(自然科学版),2011(1):95-99
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.