DocumentCode
588799
Title
Trojan Detection Based on Network Flow Clustering
Author
Xiaochen Zhang ; Shengli Liu ; Lei Meng ; Yunfang Shi
Author_Institution
Zhengzhou Inst. of Inf. Sci. & Technol., Zhengzhou, China
fYear
2012
fDate
2-4 Nov. 2012
Firstpage
947
Lastpage
950
Abstract
Trojans are a threat to network security and pose a serious threat to national security. Through research on the Trojan communication process, this paper proposes a data stream clustering method based on packet timestamps. This method uses clusters to compress Trojan communication data stream information, extracts cluster characteristics, and then detects Trojans according to the cluster characteristics and the correlation between the clusters. The experimental results showed that this method achieved good detection results.
Keywords
client-server systems; computer network security; invasive software; pattern clustering; C-S structure; IP connection; Trojan communication process; Trojan detection; cluster characteristic extraction; data stream clustering method; national security; network flow clustering; network security; packet timestamp; Algorithm design and analysis; Classification algorithms; Clustering algorithms; Decision trees; Heart beat; Trojan horses; "Heartbeat" behavior; Trojan detection; clustering algorithms; network security; timestamp;
fLanguage
English
Publisher
ieee
Conference_Titel
Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on
Conference_Location
Nanjing
Print_ISBN
978-1-4673-3093-0
Type
conf
DOI
10.1109/MINES.2012.242
Filename
6405737