Analysis And Design Of The Behavior-Based Trojan Detection System

Along with the rapid development of the computer network technology and the deepening of information socialization level, new media as internet has greatly pushed society development and changed people’s life. However, just because of the openness of the network, the existence of loopholes in the operation system and application software can be easily used. As a result, Trojan horse and virus spreads vastly and increasingly, especially when driven by interests, some countries, non-governmental organizations and hacker groups widely use Trojan horse to attack network and steal a lot of secret information. Governments, companies and users suffer severely on escalading losses. Computer network security has become the focus of public attention.As Trojans attack happens widely and frequently, Trojan Detection, a very important aspect in network security technology, is more and more taken seriously by network security engineer. Currently, Trojans appear abnormally active and bring more and more severe damage to us. Traditional methods using signatures to detect and remove the Trojans definitely lag behind Trojans appear. How to quickly detect Trojan, effectively prevent its damage in advance, and ensure the computer and information system security, has become an urgent topic needed to be resolved.This essay’s main work is as followed:1. Summarizes Trojans detection technology. It introduces basic conception as the Trojans definitions, functions, theory and categories, analyzes common attack methods of Trojans as well as their spreading approaches.2. Studies Trojans communication hiding, seif_hiding and hiding Technology principles and emphasizes on Trojans detection technology.3. Designs a detection system for unknown Trojans based on behavior analysis. Designs a system architecture and two important subsystem in detail including stand alone subsystem and Domain name dynamic analysis subsystem. While designing Domain name dynamic analysis subsystem, puts forward the behavior analysis technology using Trojans "Heartbeat characteristics" to find unknown Trojans.