Research And Practice Based On Survivability Of Trojan Horse

Trojan horse technology is one of the popular network attacking technologies, and plays an important role in the attacking process. After penetrating the target system, it will use many kinds of concealing technology to hide their attacking trace in order to enhance its survivability. The survivability of Trojan horse is the embodiment of survival ability and the essential of concealing.It determines the life cycle of Trojan horse and impact level of target system. Researching the survivability is significant to defend Trojan horse attacking, reduce the loss of network, and protect the kernel information system.In this paper, the survivability of Trojan horse is systematically analyzed based on"National E-government Information Security Protecting Framework".Firstly, taking account of Petri Net and multi-agent system, a new framework of Trojan horse MATH(Multi-agents Trojan horse)is presented, whose purpose is improving the survivability of Trojan horse.As the same time, the quantitative method of the survivability is studied, and the quantitative index system for computing the survivable degree of Trojan horse is established using Analytic Hierarchy Process.Then, a Trojan horse prototype based on MATH is designed.The prototype uses dividing-work and cooperating between multi-agents. It integrates the kernel concealing with remote controlling of the application level, and changes adverse circumstances of the most current Trojan horses, which take use of passive concealing for the survivability. Excepting comprehensive and kernel concealing, the survivability of Trojan horse prototype is enhanced through protecting, active eliminating and so on.Researching of behavior conflicts and testing of the prototype shows that: The current detecting tools'individual behavior can't defend the attacking from the clustering behavior of the MATH's prototype. In order to make up the shortage of individual behavior, the cluster's cooperating behavior of detecting tools should be emphasized in the research on detecting technology. Otherwise, the detecting tools would be passive in the future conflicts between attacking and defending. The current detecting technology of Trojan horse is analyzed at the last part of the paper.The innovations of this paper are as follows: (1) researching the survivability of Trojan horse based on behavior conflicts, then introducing the concept of survivable degree, and giving primary computing way.(2) bringing out a new framework of Trojan...