Research On Trojan Program Mechanism And Defending Measure

Posted on: 2008-07-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Lv
Full Text: PDF
GTID: 2178360215982470
Subject: Communication and Information System

Abstract/Summary:
With the rapid development and wide application of computer and network technology, the Internet is finding its way deep into every corner of society. While people enjoy the great convenience that network technology brings to their work and life, they become increasingly dependent on computer systems and information networks. At the same time, more and more network security issues have come up because of the intrinsic vulnerability of computer systems and information network systems. Society, enterprises and individuals have suffered a great deal from endless hacker intrusions and various viruses. Most computers are now connected to the Internet, so the network has become the major threat. Network intrusion tools (such as worms and Trojan horses) emerge endlessly.

The paper studies the mechanism of the Trojan program. A Trojan program is a special kind of computer program whose role is to let another computer monitor the computer in which the Trojan has been implanted. The structure of a Trojan program is a typical client/server model. Early Trojans were easy to design: once implanted into a computer, the Trojan could control that computer over a connection, provided that a backdoor (port) had been opened for it. A Trojan horse that opens a port is relatively easy for users or Trojan removal tools to detect. Then came the third-generation Trojans, of which the ICMP Trojan horse is one kind. It does not need any port to communicate, so it can successfully bypass the firewall and effectively avoid being eliminated by Trojan removal tools. A Trojan controlled through a website still has a C/S architecture, except that its process is not linked directly to the client/server communication procedures but goes through a middle layer.

The writer further studies the means of attack used by a Trojan program and explains the corresponding Trojan program exploitation technology.

To study the characteristics of the Trojan program further, the paper puts forward the design and implementation of a Linux-based network intrusion detection system. This part consists of a discussion of the system architecture of the model and a description of each module: the network packet capture module, network protocol analysis modules, storage modules, rules analysis module, intrusion detection module, incident response modules and interface management module. A network-based intrusion detection system detects intrusions on the basis of network traffic, network protocol analysis and packet data. The packet capture module captures security-related packets from the network according to certain rules and transmits them to the security analysis engine module for intrusion analysis. The network intrusion detection module analyzes the packets from the packet capture module in combination with the network intrusion rule database, and then transmits the results to the system management module. The management module's main function is to manage the allocation of the other modules, so that the network administrator is effectively informed of the results of the analysis engine.

In the last part of the paper, the intrusion detection system is used to test the Trojan program and its malicious activity. Verifying the mechanism and the Trojan's means of attack shows that the paper has achieved its desired objectives. The network intrusion detection system designed and implemented in the paper is proved to be practically useful.
Keywords/Search Tags: network intrusion, remote control, Trojan program, intrusion detection