Research On Trojan Detection Technology Based On Non-Linear SVM

Posted on: 2014-10-21
Degree: Master
Type: Thesis
Country: China
Candidate: L M Huang
Full Text: PDF
GTID: 2268330401485903
Subject: Computer application technology

Abstract/Summary:
With the rapid development of the Internet, computer technology plays an increasingly important role in people's daily lives. Computer technology greatly meets people's demand for a convenient life, but the issue of information security has become increasingly prominent. Hacker attacks, computer viruses and Trojans pose a serious threat to the security of users' information.

A Trojan is a kind of latent malicious program, which aims to control the Trojan server (the client) to steal users' information such as bank card passwords, important documents, etc. Because of its concealment, its varied means of attack and the great harm it causes, the Trojan has become one of the most common techniques for attacking computers. Therefore, studying the working mechanism of Trojans and analyzing their key techniques in order to put forward an effective Trojan detection method has important practical significance.

We propose a nonlinear SVM Trojan detection method based on a feature selection optimization algorithm. Our main research work includes the following three parts:

(1) We establish a nonlinear SVM classifier with good performance based on the feature selection algorithm. By analyzing the shortcomings of the mutual information algorithm, we introduce a new computational method with a negative correlation factor to calculate the value of mutual information. The nonlinear SVM classifier extracts the API (application program interface) call sequences of an executable program as a feature vector. Then, through the feature selection optimization algorithm, we choose the highly sensitive features, which are quantized into data recognized by the SVM, to build the SVM feature vector library. We use the TF-IDF method when quantizing the features. The SVM classifier is trained with the training dataset to find the optimal separating hyperplane, i.e. a classifier with good performance.

(2) We obtain the optimized parameters of the nonlinear SVM classifier by using a particle swarm algorithm. We study the influence of the parameters on the classification results and the role of the inertia factor ω in the current particle swarm optimization algorithm. A new particle swarm optimization algorithm is proposed in this paper. This optimization algorithm lets the inertia factor ω adjust its value, while that value decreases linearly, by referring to the degree of optimization. We use the improved particle swarm algorithm to obtain the optimized parameters of the nonlinear SVM. After that, a classification decision function is obtained with an optimal combination of penalty factor C and kernel width σ. Unknown programs are classified by the classifier, so we can know which programs are Trojans.

(3) The Trojan detection method proposed in this paper is tested with the testing dataset. On this basis, we compile statistics on the experimental data and analyze it.

Experimental results showed that the proposed Trojan detection method based on nonlinear SVM effectively improves the detection rate and reduces the false negative rate.
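The feature-building stage of part (1), as an added example that is not code from the thesis: API names are ranked by mutual information with the Trojan/benign label, the top ones are kept, and each call sequence is quantized with TF-IDF into the vector an SVM would be trained on. It uses standard mutual information rather than the thesis's variant with a negative correlation factor (which the abstract does not define); the call sequences, labels and function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample: (API call sequence, label), label 1 = Trojan, 0 = benign.
SAMPLES = [
    (["CreateFileW", "ReadFile", "CloseHandle"], 0),
    (["CreateFileW", "WriteFile", "CloseHandle"], 0),
    (["RegOpenKeyExW", "RegQueryValueExW", "CloseHandle"], 0),
    (["OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"], 1),
    (["RegSetValueExW", "OpenProcess", "WriteProcessMemory", "CreateRemoteThread"], 1),
    (["connect", "send", "OpenProcess", "CreateRemoteThread"], 1),
]

def mutual_information(samples, api):
    """Standard MI (in bits) between 'api appears in the sequence' and the label."""
    n = len(samples)
    joint = Counter((api in seq, label) for seq, label in samples)
    mi = 0.0
    for (present, label), count in joint.items():
        p_xy = count / n
        p_x = sum(c for (p, _), c in joint.items() if p == present) / n
        p_y = sum(c for (_, lab), c in joint.items() if lab == label) / n
        mi += p_xy * math.log2(p_xy / (p_x * p_y))
    return mi

def select_features(samples, k):
    """Keep the k API names with the highest MI; ties are broken by name."""
    vocab = {api for seq, _ in samples for api in seq}
    ranked = sorted(vocab, key=lambda a: (-mutual_information(samples, a), a))
    return ranked[:k]

def idf_table(samples, features):
    """idf = ln(N / df), df = number of programs whose sequence contains the API."""
    n = len(samples)
    return {f: math.log(n / sum(f in seq for seq, _ in samples)) for f in features}

def tfidf_vector(seq, features, idf):
    """Quantize one call sequence into a numeric vector over the selected APIs."""
    counts = Counter(seq)
    return [counts[f] / len(seq) * idf[f] for f in features]

if __name__ == "__main__":
    feats = select_features(SAMPLES, 2)
    idf = idf_table(SAMPLES, feats)
    for seq, label in SAMPLES:
        print(label, [round(v, 4) for v in tfidf_vector(seq, feats, idf)])
```

Standard mutual information is symmetric in the sense that an API seen mostly in benign programs can score as high as one seen mostly in Trojans, so the ranking alone does not say which class a selected feature points to.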
Keywords/Search Tags:Trojan detection, SVM, feature selection, particle swarm, parameter optimization