Conference: IEEE International Conference on Software Engineering and Service Science

A Network Behavior Analysis Method to Detect Reverse Remote Access Trojan

Abstract

Remote Access Trojan (RAT) reverse connections are secret and malicious, which are established to steal private data or be operated under a hacker's command. To detect reverse RAT effectively, a network behavior-based method is introduced in this paper. We first conclude a typical network communication pattern. Then four uncorrelated network behavior features are extracted from every TCP session as the detection model input. Six supervised classification algorithms are applied on a real network traffic data set to distinguish RAT and legitimate sessions. Besides detection accuracy, AUC is also used because the number of RAT sessions is much smaller than that of normal sessions and AUC is suitable to evaluate the performance of such an imbalanced problem. Detection accuracies of all test algorithms are higher than 0.92. AUC of Random Forest, SVM and Logistic Regression are higher than 0.94, which shows their ability to handle an imbalanced data set. Compared to related work, the proposed method is effective on connection-encrypted RAT detection, and can distinguish RAT sessions from similar normal sessions, like P2P or cloud application sessions.