
The Research Of Trojan Detection Technology Based On Biological Immune Principle

Posted on: 2013-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: Q Si
GTID: 2248330377958324
Subject: Computer application technology

Abstract/Summary:
With the widespread adoption of Internet technology, computer networks play a pivotal role in economic, political, military and social life. While people share information, they also face many network security problems; for example, denial-of-service attacks emerge endlessly. Malicious code such as worms, viruses, Trojans and spyware still spreads frequently on the Internet. Because so many vulnerabilities exist, security threats such as web page tampering and botnets caused by hackers appear. The Trojan horse, a powerful means of attack with particular invisibility, does enormous damage to network security and is becoming a more and more serious threat.

Traditional Trojan detection and prevention technology divides into misuse detection (also called feature-based detection) and anomaly detection (also called behavior-based detection). Misuse detection relies on a library of known Trojan features defined by empirical rules or expert knowledge. Current behavior is monitored and matched against the features in the library to detect Trojan behavior. Misuse detection can detect known Trojan attacks, but it cannot detect unknown Trojan intrusions, and building a feature database of that scale is difficult, which hurts detection efficiency. Anomaly detection first defines rules for normal and abnormal behavior. It then judges whether a Trojan attack is under way from characteristics generated by real-time monitoring of the processes a Trojan starts, ports, and commonly used service functions. Although anomaly detection can detect unknown Trojans, it suffers from low efficiency and a high misreport rate. Given these deficiencies of traditional Trojan detection, real-time, active and intelligent detection can draw on biological immunity, because it has adaptation, self-learning and memory. Applying it to Trojan detection and prevention can address the low accuracy, high misreport rate, high failure rate and inability to detect unknown Trojans. In this thesis the immune principle is applied to Trojan detection and prevention, based on a study of immune algorithms.

The main work of the thesis is as follows:

(1) Analyze the working principle and behavioral characteristics of Trojan programs, then study the key technologies of Trojan horses and the mainstream Trojan detection technologies. After comparing the shortcomings of Trojan detection techniques, biological immune theory is introduced into Trojan detection.

(2) Study biological immune theory and analyze the feasibility and importance of introducing biological immunity into Trojan detection. The thesis mainly studies the negative selection algorithm and the clonal selection algorithm, and sums up their features.

(3) Study detector generation algorithms and compare them to find one that can improve Trojan detection efficiency and also reduce the misreport rate. The Trojan detection system uses an improved negative selection algorithm based on chaos theory: the ergodicity of chaos is used to produce the detection set, and chaotic disturbance is then applied directly to produce better individuals and overcome redundancy when generating the original detectors. The clonal selection algorithm is improved at the stage where memory detectors detect antigens, by using a chaotic mapping to perform mutation, which decreases the misreport rate.

(4) On the basis of the improved algorithms, the thesis puts forward a Trojan detection model based on immune theory and tests the performance of the model by experiment. The experiments show that the proposed detector generation algorithm performs better than the traditional algorithm. It also enhances the detection efficiency for unknown Trojans, and the improved clonal selection algorithm increases the detection rate and reduces the misreport rate.
Keywords/Search Tags: Trojan, immune principle, chaos theory, weighted Euclidean distance
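
The following added example (not the thesis's algorithm or code) illustrates the detector-generation idea in item (3): candidate detectors come from one logistic map per feature, an assumed choice of chaotic map, and are kept only if they match no self sample under a weighted Euclidean distance. The feature names, sample vectors, weights and thresholds are constructed, and the thesis's chaotic disturbance step is not reproduced; a minimum-spacing check stands in for its redundancy handling.

```python
import math

# Constructed, normalized behaviour features per process (assumed names):
# (new listening ports, autorun registry writes, outbound connection rate)
SELF = [(0.10, 0.05, 0.20), (0.15, 0.10, 0.25), (0.20, 0.08, 0.30),
        (0.12, 0.12, 0.18), (0.25, 0.15, 0.35)]
WEIGHTS = (0.5, 0.3, 0.2)   # assumed feature weights, not from the thesis
RADIUS = 0.2                # matching threshold (assumed)
MIN_SEP = 0.08              # minimum spacing between detectors (assumed)


def wdist(a, b, w=WEIGHTS):
    """Weighted Euclidean distance between two feature vectors."""
    return math.sqrt(sum(wi * (x - y) ** 2 for wi, x, y in zip(w, a, b)))


def chaotic_candidates(seeds, count):
    """Yield vectors from one logistic map (r = 4) per dimension."""
    state = list(seeds)
    for _ in range(count):
        state = [4.0 * x * (1.0 - x) for x in state]
        yield tuple(state)


def generate_detectors(self_set, seeds=(0.137, 0.561, 0.829), count=2000):
    """Negative selection: keep candidates that match no self sample."""
    detectors = []
    for cand in chaotic_candidates(seeds, count):
        if any(wdist(cand, s) <= RADIUS for s in self_set):
            continue        # would raise a false alarm on normal behaviour
        if any(wdist(cand, d) < MIN_SEP for d in detectors):
            continue        # redundant: this region is already covered
        detectors.append(cand)
    return detectors


def is_nonself(sample, detectors):
    """A sample is flagged when any detector lies within RADIUS of it."""
    return any(wdist(sample, d) <= RADIUS for d in detectors)


if __name__ == "__main__":
    dets = generate_detectors(SELF)
    print(len(dets), "detectors")
    print("self flagged:", any(is_nonself(s, dets) for s in SELF))
    print("constructed anomalous sample flagged:",
          is_nonself((0.90, 0.85, 0.90), dets))
```

Because a detector is kept only when it lies farther than `RADIUS` from every self sample, the training self set can never be flagged; false alarms arise only on normal behaviour the self set did not cover.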