
Network Traffic Monitoring Technology Research Based On Behavior Analysis

Posted on: 2012-06-21
Degree: Master
Type: Thesis
Country: China
Candidate: L Chen
GTID: 2218330368958674
Subject: Computer application technology
Abstract/Summary:
With the rapid development of information technology, represented by computers and network communications, modern government departments, the military industry, financial institutions and commercial organizations have increasingly demanding network security requirements. With malware types constantly changing and attack methods emerging endlessly, establishing a sound inspection regime and developing an effective detection system is the focus of information confidentiality.

This thesis studies the behavioral characteristics of normal applications and malware in network communication, breaks with the traditional signature-based detection approach, and proposes a new malware detection method based on the analysis of network behavior. It first discusses the traditional signature-based detection method and points out its shortcomings: low compliance in complex network environments and low performance in high-speed network environments. It then discusses the object model and detection method of the behavior-based analysis system. Building on a deep understanding of network protocols, the system establishes object models such as packet, connection, cluster, node and session, performs in-depth behavior analysis of network data flows on the basis of these models, and produces a series of top-level behavior events. Finally, the thesis details the concrete implementation of the Trojan Intrusion Detection System, tests the system, and analyzes the experimental results.

The experimental results show that the monitoring system can accurately and efficiently identify unsafe connections that are controlled by hosts on the external network. The system also achieves real-time processing in a high-speed network environment and has good usability and application effectiveness.
Keywords/Search Tags: behavior analysis, communication monitor, protocol recognition, information theft