Deep Inspection Technology To Achieve High Hidden Trojan

Posted on: 2011-01-16
Degree: Master
Type: Thesis
Country: China
Candidate: D Wang
GTID: 2208360308466614
Subject: Computer applications
Abstract/Summary:
With the popularization of the Internet and the rapid development of information technology, computer networks have become an important part of social life. However, network security problems are becoming increasingly severe, and malicious attacks pose a serious threat to the growth of the Internet. By contrast, detection and containment measures against these attacks are limited and fail to keep up with the endless stream of attacks, especially those from well-trained professional attackers who are organized and premeditated. Inefficient security defense facilities and the low security awareness of Internet users make the situation worse.

Malware detection techniques can be divided into host-based and network-based; this paper focuses on host-based detection techniques for deep hidden Trojans. Traditional methods to combat malware fall into three categories: signature matching, host behavior monitoring and heuristic analysis. These methods are effective at detecting general malware and can limit its spread to a certain degree, but they become powerless against deep hidden Trojans.

Based on an in-depth analysis of the operating mechanism of deep hidden Trojans, this paper uses system integrity checking, hidden resource detection and related methods to assess whether an operating system is infected by a deep hidden Trojan. During the evaluation, cross-view detection and correlation analysis are combined with in-depth exploration of the underlying mechanisms of the Windows system and with the advantages of traditional detection methods to construct a complete and comprehensive detection mechanism. In addition to the detection mechanism, the complete system design, coding and testing are carried out, which helps verify the detection mechanism in practice.

This paper summarizes the relevant principles of malware, key technologies and detection methods, and focuses mainly on the detection of deep hidden Trojans. It makes the following three contributions:

1. Research and assessment of traditional Trojan horse techniques and the corresponding detection techniques. Malware techniques, especially those of Trojan horses, are assessed together with their damage and development trends, along with the corresponding detection techniques. A defect analysis of detection technology and improvement strategies are put forward, which is of great significance for system analysis and malware detection.

2. Research and assessment of the principles of deep hidden Trojans. Key aspects of Trojan horses such as the operating mechanism and life cycle are analyzed first, followed by an assessment of hiding techniques and of how deep hidden Trojans interfere with system resources.

3. Detection techniques for deep hidden Trojans. Based on an analysis of popular detection techniques, and combining detection methods such as cross-view methodology, correlation analysis and system integrity analysis, an effective detection system for deep hidden Trojans is built. Experimental results show that the system has a higher detection rate and a lower false positive rate than traditional detection systems, and a quantitative analysis is produced at the same time.
Keywords/Search Tags: Malware, Hidden Trojan Detection, System Integrity Analysis, Cross-view