
Research And Implementation Of Trojan Detection System Based On Behavior

Posted on: 2011-01-02 | Degree: Master | Type: Thesis
Country: China | Candidate: J J Chen | Full Text: PDF
GTID: 2178360308483823 | Subject: Computer application technology

Abstract/Summary:
With the development and popularization of Internet technology come serious security risks: Trojan horses are rampant and their techniques are updated constantly, so research on Trojan detection is of great significance and value. This paper first surveys current domestic and foreign Trojan detection technology and adopts behavior-based Trojan detection; the focus of the research is summarizing Trojan behavior in detail and constructing a library of Trojan behaviors. On this theoretical basis, the paper designs and implements a behavior-based Trojan detection system. It describes the design of the system architecture, of the system function modules and of the Trojan behavior library. The function modules are the Control Center module, the Network Communication Detection module, the Process Detection module, the File Detection module and the Regedit Detection module. The discussion of each module covers its principle of operation, its framework structure diagrams and its flow-process diagram. Finally, from the behavior obtained by the function modules and with the help of the Trojan behavior library, the system produces its determination results.

Some of the key technologies are described in detail. First, the two key technologies used by the network communication modules are researched: Winsock 2 SPI and NDIS HOOK, including their basic knowledge and characteristics; then the implementation of the two network communication modules is described. For the module based on the SPI HOOK (Nmsock.dll), the principle is introduced first, followed by the implementation of intercepting network packets and of analyzing them. For the module based on the NDIS HOOK (Nmdriver.sys), the principle is introduced first, followed by the implementation of intercepting network packets, of protocol analysis and of analyzing the network packets. Finally, the system was tested extensively; the test results show that it meets the requirements and is accurate, and analysis of the test results motivates the prospects for future work.
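The abstract describes a pipeline in which the detection modules (process, file, registry, network) report observed behaviors to a control center, which matches them against a behavior library and produces a determination. The following is an added example, not code from the thesis: a minimal matcher of that shape in Python. The behavior library entries, their weights and the sample observations are constructed for illustration (the thesis's own library is not reproduced on this page), and the scoring uses a simple fuzzy OR so that each matched behavior raises the overall confidence without any single one deciding the verdict.

```python
"""Behavior-library matcher: module observations -> library match -> fuzzy score -> verdict.

All rules, weights and sample observations below are constructed for this example
and are assumptions, not the thesis's actual behavior library.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One behavior reported by a detection module (process, file, regedit, network)."""
    module: str
    kind: str
    detail: str = ""


@dataclass(frozen=True)
class BehaviorRule:
    """A library entry: how strongly (0..1) a behavior indicates Trojan activity."""
    module: str
    kind: str
    weight: float
    description: str


# Constructed behavior library (assumption).
BEHAVIOR_LIBRARY = [
    BehaviorRule("regedit", "autorun_key_write", 0.6, "persistence via autorun registry key"),
    BehaviorRule("process", "hidden_process", 0.7, "process hidden from the task list"),
    BehaviorRule("file", "drop_in_system_dir", 0.5, "executable written to a system directory"),
    BehaviorRule("network", "unsolicited_outbound", 0.6, "outbound connection without user action"),
    BehaviorRule("network", "listening_port", 0.4, "process opens a listening port"),
]

# Constructed sample reports from the modules (assumption).
SUSPICIOUS_OBSERVATIONS = [
    Observation("regedit", "autorun_key_write", "HKCU\\...\\Run\\svc"),
    Observation("process", "hidden_process", "pid 4120"),
    Observation("network", "unsolicited_outbound", "tcp/4444"),
    Observation("network", "unsolicited_outbound", "tcp/4444"),  # duplicate, counted once
]
BENIGN_OBSERVATIONS = [
    Observation("network", "listening_port", "tcp/8080"),  # e.g. a local dev server
]


def fuzzy_or(a: float, b: float) -> float:
    """Probabilistic sum: combines two pieces of evidence, never exceeding 1.0."""
    return a + b - a * b


def score(observations, library=BEHAVIOR_LIBRARY):
    """Match observations against the library; return (score, matched descriptions)."""
    index = {(r.module, r.kind): r for r in library}
    matched = {}
    for obs in observations:
        rule = index.get((obs.module, obs.kind))
        if rule is not None:
            matched[(rule.module, rule.kind)] = rule  # dedupe repeated reports
    total = 0.0
    for rule in matched.values():
        total = fuzzy_or(total, rule.weight)
    return total, [r.description for r in matched.values()]


def verdict(observations, threshold: float = 0.8):
    """Control-center decision: 'trojan' if the fuzzy score reaches the threshold."""
    s, matched = score(observations)
    label = "trojan" if s >= threshold else "clean"
    return label, round(s, 3), matched


if __name__ == "__main__":
    for name, obs in (("suspicious", SUSPICIOUS_OBSERVATIONS), ("benign", BENIGN_OBSERVATIONS)):
        label, s, matched = verdict(obs)
        print(f"{name}: {label} (score {s}) <- {matched}")
```

The weights and the 0.8 threshold are placeholders; in practice they would be tuned against the kind of test corpus the abstract mentions, and the per-module `detail` field is what an analyst would want preserved for later review of false positives.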
Keywords/Search Tags: Trojan horse, behavioral characteristics, SPI, NDIS HOOK, fuzzy pattern recognition