
The Research On Trojan Detection Technology Based On Extended Attack Trees

Posted on: 2014-01-23
Degree: Master
Type: Thesis
Country: China
Candidate: H Z Le
Full Text: PDF
GTID: 2248330398452651
Subject: Computer Science and Technology
Abstract/Summary:
With the development of Internet technology, network security issues are an increasing cause for concern. In recent years hacking incidents have occurred frequently, and the purpose of network attacks is shifting from mere destruction to economic gain. A black-market industry chain is gradually forming. Malicious programs, dominated by Trojans, have spread widely and caused great harm to people's work and daily life.

At present, many kinds of Trojan detection technology exist in the field of network security, and some of them have been successfully applied in Trojan detection tools. But as Trojan technology develops, various new types of Trojans that use advanced techniques to evade antivirus detection ("free-kill" Trojans) are emerging. This makes Trojan detection much harder. Overall, Trojan technology and Trojan detection technology have both developed through their struggle with each other, but Trojan detection technology has always lagged behind Trojan technology. It is therefore of great theoretical and practical significance to further improve Trojan detection technology and strengthen Internet security.

This thesis presents a Trojan detection technology based on extended attack trees. By analysing the API sequences a Trojan needs to complete specific functions, we construct Trojan extended attack trees as a database that describes the Trojan's behavioral characteristics. When Trojan detection is performed, the PE file under examination is matched against the extended attack trees, and appropriate calculation methods are used to compute its static risk index. By comparing the static risk index, we can judge whether the PE file being detected is a Trojan.

The main work of this thesis is:

(1) Study the principles and techniques of Trojan attacks, and analyse the main Trojan detection technologies and their advantages and disadvantages.

(2) Introduce the theory of attack trees and study the application of extended attack trees in Trojan detection. Propose improvements to the existing Trojan detection technology based on extended attack trees, and propose a new Trojan detection method that combines static and dynamic methods.

(3) Design and develop a Trojan detection program based on extended attack trees, comprising a static Trojan detection program and a dynamic behavior monitoring program, and test it experimentally. Comparing the program with the unimproved version and with other Trojan detection tools confirms its accuracy and superiority.
Keywords/Search Tags:Trojan Detection, Behavior Analysis, Extended Attack Tree, API