The Detection Of Trojan Horse Based On The File's Static Characteristics

With the development of Internet, computer network economy has alreadypermeated through every part of people's life. But the crime phenomenon of thenetwork often takes place. Criminals are often carried on by using the Trojan horse.Trojan horses are a huge security threat to computer network. Traditionally,Trojan Horses are detected using file's dynamic characteristics or behaviors. However,these methods are not available for unknown or un-awakened Trojan horses.Trojan horse always exists as PE file format in the Windows system environment,and the PE file has many static characteristics, which contains many runtimecharacteristics. In this paper, a new detecting method based on PE file's staticattributes is proposed, and intelligent information processing techniques are used toanalyze those static attributes, such as decision tree, BP network. Further, a detectionmodel is established to estimate whether a PE file is a Trojan horse. This thesis isprepared to value the static Trojan characteristic and build a new way to detect theTrojan horse by using the PE file static characteristics, and how to build ArtificialNeural Network modals of the Trojan horse detection, and finally, to our fever, we gotthe satisfaction of the result.Experimental results validate our works.