Dynamic Trojan Horse Detection Technique Based On Detours Library

Posted on: 2012-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: W W Huang
Full Text: PDF
GTID: 2218330362950429
Subject: Computer Science and Technology

Abstract/Summary:
At present, computer network security is facing severe challenges. Many kinds of network attacks, such as Trojans, viruses and worms, threaten the security of users' data and information. Trojan techniques in particular are updated day by day, and Trojans have caused great damage, so research into Trojan detection techniques is necessary.

First of all, this paper surveyed the main Trojan detection methods used both at home and abroad. These methods fall into two kinds: static detection and dynamic detection. The purpose of this paper was to find a new dynamic detection technique that makes up for the flaw in present dynamic detection methods that the Trojan may cause damage to the user's system.

The basic knowledge of Trojan technology was studied and the possible Trojan behavior features were analyzed. There are three ways to obtain Trojan behavior features. To obtain them more efficiently, this paper analyzed the characteristics of each of the three ways and finally decided to use the Detours library. Then the decision tree, one of the classification algorithms of data mining, was studied, and this paper analyzed how to use a decision tree to detect Trojans dynamically. The ID3 and C4.5 algorithms, both of which build decision trees, were studied in particular. C4.5 makes some improvements on ID3, and C4.5 was selected to build the decision tree in this paper.

A dynamic Trojan detection system based on the Detours library was designed. The system used a virtual machine as the runtime environment for unknown files to guarantee system security. It could automatically detect unknown files in bulk and has good extensibility. More importantly, it could work ahead of time: users could refer to the detection results when handling unknown files, which helped to keep the damage caused by running Trojan files to a bare minimum. The final experiment proved that, on Windows systems, this system could detect Trojans efficiently.
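
The abstract's remark that C4.5 improves on ID3 can be made concrete with an added Python example (not code from the thesis): ID3 ranks attributes by information gain, which favors many-valued attributes such as a per-sample identifier, while C4.5's gain ratio divides by the split information and so prefers a real behavior feature. The attribute names and the six behavior records are constructed assumptions standing in for what an API monitor might log.

```python
from collections import Counter
from math import log2

# Constructed behaviour records (hypothetical, not from the thesis): one row per
# sample run in the VM, with the behaviours observed and the known label.
SAMPLES = [
    {"sample_id": "s1", "writes_autorun": 1, "listens_on_port": 1, "label": "trojan"},
    {"sample_id": "s2", "writes_autorun": 1, "listens_on_port": 0, "label": "trojan"},
    {"sample_id": "s3", "writes_autorun": 0, "listens_on_port": 1, "label": "trojan"},
    {"sample_id": "s4", "writes_autorun": 0, "listens_on_port": 1, "label": "benign"},
    {"sample_id": "s5", "writes_autorun": 0, "listens_on_port": 0, "label": "benign"},
    {"sample_id": "s6", "writes_autorun": 0, "listens_on_port": 0, "label": "benign"},
]
ATTRS = ["sample_id", "writes_autorun", "listens_on_port"]

def entropy(values):
    """Shannon entropy (bits) of a list of discrete values."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())

def info_gain(rows, attr):
    """ID3 criterion: label entropy minus weighted entropy after splitting on attr."""
    groups = {}
    for r in rows:
        groups.setdefault(r[attr], []).append(r["label"])
    remainder = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([r["label"] for r in rows]) - remainder

def gain_ratio(rows, attr):
    """C4.5 criterion: information gain normalised by the split information."""
    split_info = entropy([r[attr] for r in rows])
    return info_gain(rows, attr) / split_info if split_info else 0.0

def best_attribute(rows, attrs, score):
    """Attribute a tree builder would split on first under the given criterion."""
    return max(attrs, key=lambda a: score(rows, a))

if __name__ == "__main__":
    for a in ATTRS:
        print(f"{a:16s} gain={info_gain(SAMPLES, a):.3f} ratio={gain_ratio(SAMPLES, a):.3f}")
    print("ID3 splits on :", best_attribute(SAMPLES, ATTRS, info_gain))
    print("C4.5 splits on:", best_attribute(SAMPLES, ATTRS, gain_ratio))
```

Splitting on `sample_id` classifies the training set perfectly but says nothing about an unseen file, which is why the choice of criterion matters for a detector meant to judge unknown samples.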
Keywords/Search Tags:Trojan, Detours library, dynamic detection, C4.5 algorithm, Decision tree