A Highly Efficient Remote Access Trojan Detection Method

Wei Jiang; Xianda Wu; Xiang Cui; Chaoge Liu

首页> 外文期刊>International journal of digital crime and forensics >A Highly Efficient Remote Access Trojan Detection Method

【24h】

A Highly Efficient Remote Access Trojan Detection Method

机译：一种高效的远程访问木马检测方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Nowadays, machine learning is popular in remote access Trojan (RAT) detection which can create patterns for decision-making. However, most research focus on improving the detection rate and reducing the false negative rate, therefore they ignore the result of abnormal samples. In addition, most classifiers select several proprietary applications and RATs as their training set, which makes them difficult to adapt to the real environment. In this article, the authors address the issue of imbalance dataset between normal and RAT samples, and propose a highly efficient method of detecting RATs in real traffic. In the authors method, they generate eight features by combining the size, the inter-arrival and the flag from one packet sequence. Then, they preprocess the imbalance dataset and implement a classifier by XGBoost algorithm. The classifier achieves a false negative rate of less than 0.18%. Moreover, the authors demonstrate that their classifier is capable of detecting unknown RAT.

机译：如今，机器学习在远程访问木马（RAT）检测中流行，可以创建用于决策的模式。然而，大多数研究侧重于提高检测率并降低假负率，因此它们忽略了异常样品的结果。此外，大多数分类器选择了几个专有的应用程序和大鼠作为他们的训练集，这使得它们难以适应真实环境。在本文中，作者在正常和大鼠样品之间解决了不平衡数据集的问题，并提出了一种高效的检测真实流量大鼠的方法。在作者方法中，它们通过组合大小，到达和来自一个数据包序列的尺寸来生成八个特征。然后，它们预处理不平衡数据集并通过XGBoost算法实现分类器。分类器达到假负率小于0.18％。此外，作者表明，其分类器能够检测未知的大鼠。

著录项

来源
《International journal of digital crime and forensics》 |2019年第4期|1-13|共13页
作者
Wei Jiang; Xianda Wu; Xiang Cui; Chaoge Liu;
展开▼
作者单位

Beijing University of Technology Chinese Academy of Cyberspace Studies' Beijing China;

Beijing University of Technology Beijing China;

Guangzhou University Guangzhou China;

Institute of Information Chinese Academy of Sciences Beijing China;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Feature Extraction; Machine Learning; Network Behavior; Remote Access Trojan; Traffic;

机译：特征提取;机器学习;网络行为;远程访问木马;交通;

相似文献

外文文献
中文文献
专利

1. An efficient methodology for hardware Trojan detection based on canonical correlation analysis [J] . Yu Weize, Wang Yubing Microelectronics Journal . 2021,第Sepa期

机译：基于规范相关分析的硬件木马检测有效方法
2. An Experimental Analysis of Power and Delay Signal-to-Noise Requirements for Detecting Trojans and Methods for Achieving the Required Detection Sensitivities [J] . Lamech C., Rad R. M., Tehranipoor M., Information Forensics and Security, IEEE Transactions on . 2011,第3期

机译：特洛伊木马检测功率和延迟信噪比要求的实验分析以及实现所需检测灵敏度的方法
3. A method to prevent hardware Trojans limiting access to layout resources [J] . Supon Tareq Muhammad, Seyedbarhagh Mahsasadat, Rashidzadeh Rashid, Microelectronics reliability . 2021,第Sepa期

机译：一种防止硬件特洛伊木马限制对布局资源的方法的方法
4. A Host-Based Detection Method of Remote Access Trojan in the Early Stage [C] . Daichi Adachi, Kazumasa Omote International conference on information security practice and experience . 2016

机译：早期基于主机的远程访问木马检测方法
5. Methods for Reducing Threat Intelligence Pollution: an Empirical Study on Remote Access Trojan Ecosystem [D] . Rezaeirad, Mohammad . 2019

机译：减少威胁情报污染的方法：远程访问木马生态系统的实证研究
6. MAPINS a Highly Efficient Detection Method That Identifies Insertional Mutations and Complex DNA Rearrangements [O] . Huawen Lin, Paul F. Cliften, Susan K. Dutcher 2018

机译：MAPINS一种识别插入突变和复杂DNA重排的高效检测方法
7. Optimal remote access trojans detection based on network behavior [O] . Khin Swe Yin, May Aye Khine 2019

机译：基于网络行为的最佳远程访问特洛伊木马检测

A Highly Efficient Remote Access Trojan Detection Method

摘要

著录项

相似文献

相关主题

期刊订阅