| The Dynamic Embedded Trojan horse is a DLL file which is composed by Trojan code and some special code.This kind of Trojan horse embedded into the processes to realize the malicious features.Because of the good concealment of this Trojan horse,they are often used to steal the account and password of the bank or online games,and it brings huge economic losses to the users. Therefore,the study of Dynamic Embedded Trojan horse detection has a great practical value.This article first introduces the purpose and significance of the study on Dynamic Embedded Trojan horse,the concept of Dynamic Embedded Trojan horse.And then it present the different types of Dynamic Embedded Trojan horse and embedding process of the Trojan horse.After analyzing the shortcoming and advantages of the current detection methods of Dynamic Embedded Trojan horse, this article proposed a new way which using the Trojan horse file's static information to dectect Dynamic Embedded Trojan horse.This method by analyzing the file static information between the Dynamic Embedded Trojan horse and legitimate DLL files,extracted static information from two files which can distinguish two files,then using decision tree to built the detection model.At the last, we design a simple Trojan Detection System and tested through experiment.The result from the experiment shows that the detection system can correctly identify more than 90%of the Dynamic Embedded Trojan horse. |
PDF Full Text Request