Research And Realization On Method Of Trojan Detection

Posted on: 2009-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhao
Full Text: PDF
GTID: 2178360245456687
Subject: Computer software and theory

Abstract/Summary:
Because of the inherent weaknesses of computer and network systems, more and more network security problems have begun to trouble us: for example, the number of intrusion events is increasing, and more and more personal, corporate and social property is being lost. Moreover, statistics and analysis of network security events show that Trojan horses cause many intrusion events, so how to detect Trojan horses effectively has become a problem.

We all know that a Trojan horse is a kind of virus. In recent years, many experts have begun to study the biological immune mechanism and apply it to virus detection, so it is valuable to study artificial immune systems for Trojan horse detection and network security. On the other hand, Trojan detection and removal functions have been added to antivirus software, which detects Trojan horses according to their dynamic characteristics or behaviors. This method cannot detect Trojan horses that have not yet been activated. In the widely used Windows environment, a Trojan horse always exists as a PE (Portable Executable) file, a format with many static characteristics, such as runtime characteristics, so it is important and significant to study the PE file format.

A Trojan horse detection model in which the detector and the Self evolve gradually is proposed, based on the biological immune mechanism, in particular the positive/negative selection mechanism and the antibody diversity instruction system mechanism. In addition, unlike previous work, the genes that compose a detector are extracted from the static information of Trojan horse PE files rather than from their dynamic running features. The paper gives the implementation steps of the model and uses it to detect some Trojan horses.

The experimental results show that the model can detect Trojan horses effectively: it increases the detection rate, reduces the false-negative and false-positive rates, and has better adaptability.
Keywords/Search Tags:Trojan horse detection, immune mechanism, PE file format, evolution of detector, evolution of the Self