Trojan Behavioral Characteristics Detection Technology

Posted on: 2012-04-19 | Degree: Master | Type: Thesis
Country: China | Candidate: L Liang
GTID: 2218330368998195 | Subject: Software engineering
Abstract/Summary:
With the development and spread of Internet technology, Trojan horses have become rampant and their techniques are updated constantly. They seriously affect Internet security and threaten Internet users, so research on Trojan detection is of great significance.

This thesis first surveys current Trojan detection technology in China and abroad. After comparison and analysis, behavior-based Trojan detection is adopted and studied as the main technology.

Before behavior-based detection is studied, basic Trojan technology is reviewed. First comes background knowledge of Trojans: the concept, functions and features, classification, working principle, and hazards. The thesis then focuses on Trojan techniques, including implantation, self-starting, hiding, and network communication.

On the basis of this theory, the thesis designs and implements a behavior-based Trojan detection system. It begins with requirements analysis, which covers background, environment, functional requirements, feasibility, and innovation. It then describes the design of the system architecture and of the system function modules. The function modules are the Control Center module, the File Static Characteristics module, and the File Dynamic Behavior Characteristics module. For each module, the working principle and a framework diagram are given.

Based on the system design, the function of each module is studied and the technology is described in detail. The principle of the Control Center module is described in detail. For the File Static Characteristics module, the structure of PE files and the extraction of suspicious behavior characteristics are covered first. The File Dynamic Behavior Characteristics module includes three sub-modules. The principles of the File Detection module and the Registry Detection module are described, and a diagram of the two sub-modules is given. The Network Detection module is the system's key component: NDIS HOOK technology is studied, including its basic knowledge and characteristics, and the thesis then introduces the principles and processing flow of the Network Detection module.

Finally, the system was tested extensively. The test results show that the system meets the requirements and is accurate. Prospects for future work are raised through analysis of the test results.
Keywords/Search Tags: Trojan horse, static characteristics, dynamic behavior characteristics