Research Of Trojan Horse Defense Mechanism Based On Immune

With the growing popularity and development of internet, network security has become a focus of attention. Trojan horse with characteristics of hidden, destructive, stubborn and so on has become a prominent issue. In recent years, many researchers make their research focus on defense and detection of Trojans. Biological Immune System can maintain its own stability and healthy in a constantly changing environment which is very similar with computer security issues. Artificial immune theory proposed on the end of the century is a novel way to solve the problem of information security.This paper studies the principle and common detection methods of Trojan horse, as well as some basic principles of artificial immune. Make some analysis of the structure and executive mechanism of Trojans on Windows system. A deep research is made on the artificial immune algorithms and their application in Trojan horse detection. On this basis, this paper puts forward a Trojan horse detection method based on the immune negative selection algorithm which can resolve the problem of Trojan variants detection; proposes the DP-NSA (Detector Proliferation - Negative Selection Algorithm) and the EVD-NSA (Enhanced Variable-sized Detector - Negative Selection Algorithm ) algorithm which are used in Trojan detection and improves the Trojan detection rate; this paper also puts forward a Trojan horse detection method based on Danger Theory, designes a Trojan horse detection model and algorithm based on the Danger Theory, defines the format of the Trojan antigen and resolves the problem of Trojan antigen signal acquisition; at last this paper designes and implements a immnue inspired Trojan defense prototype system, proposes and implements a method of Trojan deletion based on NTFS filesystem. This paper takes lots of experiments which use the real Trojan horse program on the Windows system. Experiments results show that the methods of Trojan detection presented in this paper have a higher detection rate and low false alarm rate on the detection of Trojan horses, which can effectively detect new and unknown Trojan horses.The novelty of the research in this paper is that applying the basic idea of artificial immune into Trojan detection areas, and proposes two kinds of Trojan detection methods. Trojan detection mechanisms combined with artificial immune theory overcome the shortcomings of traditional Trojan detection mechanisms. The new methods with diversity, efficiency, self-adaptive features of Biological Immune System have better results on the detection of unknown variants of Trojans.