
Design And Implementation Of Detection And Alarm System Based On Behavioral Characteristics Of Trojans

Posted on: 2010-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Yin
Full Text: PDF
GTID: 2208360275983086
Subject: Software engineering

Abstract/Summary:
With the increasing popularity of networks and the rapid development of computer technology, "Computer Virus", "Trojan" and "Dove Gray" have become household words. Most people have encountered network attacks such as "Game Thieves", "Password Loss" or "Theft of Important Data" in one form or another. The network brings us convenience and enjoyment, but it also brings threats, and network security has become a pressing practical problem.

Trojans are quite different from viruses. The design of a virus focuses on concealment, infection, spreading and destruction, while the design of a Trojan concentrates more on specialisation, concealment, remote control, anti-detection and anti-uninstallation. Traditional firewalls and anti-virus products rely mainly on signature-based techniques, so they find it hard to detect and remove unknown Trojans. Hence a new roadmap for detecting Trojans is needed.

Against this background, we analysed one major threat to network security, Trojans, covering their principles, implementation, damage and development, together with traditional anti-virus techniques and their drawbacks. On this basis we designed and implemented a new, behaviour-based Trojan detection and alarm system. The main contributions of this thesis are:

1. Analysed and summarised the classification, principles, key implementation mechanisms and advanced self-protection means of Trojans.
2. Analysed and summarised the development, principles and techniques of anti-Trojan approaches.
3. Analysed and compared current anti-Trojan techniques and pointed out their merits and shortcomings.
4. Designed and implemented a new behaviour-based Trojan detection and alerting system on the Windows platform.
5. Discussed the design principles of the system and its key techniques, including comprehensive behaviour analysis, file system hooks, IRP packet capture and analysis, and kernel driver monitoring.
6. Tested the key parts of the system and reported the test data.

The test results showed that our system can effectively detect unknown Trojans.
Keywords/Search Tags: Trojan behaviour-based detection, kernel driver, file system, behaviour analysis