
Packed File Detection And Trojan Horse Recognition Based On Pe Files

Posted on: 2015-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 2298330431489795
Subject: Computer application technology
Abstract/Summary:
Network security is an integral part of informatics, and Trojan analysis and detection is one of its most important fields. Today the vast majority of computers, and even mobile phones, are equipped with software for detecting and removing Trojans. This thesis studies analysis and detection methods for Trojans under the Windows system. A Trojan on Windows must first exist in the form of a PE file before it can go on to compromise the computer for illegal purposes, and determining whether a PE file has been packed is a step that cannot be ignored in that process. The thesis therefore also presents a series of studies on methods for handling packed PE files.

Firstly, the thesis gives a detailed description and analysis of Trojans at home and abroad and sets out the basic methods of Trojan detection, both dynamic and static.

Secondly, it describes in detail the structure of PE files, the methods for parsing them, and the properties of their sections, so that classification features and other useful information can be extracted from PE files.

Then it introduces a method for identifying packed PE files. The method is based on computing the Minkowski distance between related properties of PE files, because certain properties differ significantly between packed and unpacked PE files. Experimental results show that the method detects packed PE files effectively and is more accurate than PEiD.

Finally, the thesis proposes a static Trojan detection method based on the C5.0 decision tree algorithm. The attributes extracted from PE files serve as classification features, combined with an efficient boosting algorithm. The PE files are first unpacked using the PEiD software and then processed further. Experimental results show that the method has merits in some respects.
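The abstract describes two things a practitioner would want to see in code: extracting section-level properties from a PE file, and measuring how far a file's property vector lies from an unpacked profile with a Minkowski distance. The following is an added example written for this page, not the thesis's own code or its feature set. The five features, the reference profile REFERENCE, the threshold THRESHOLD, the RATIO_CAP value and the two sample images (built by build_image from constructed bytes, so the example runs offline) are all assumptions chosen for illustration; the same feature vector is the kind of input a later decision-tree classifier would consume.

```python
"""Packed-PE heuristic: PE section parser + Minkowski distance to an unpacked profile.

Added example, not code from the thesis. REFERENCE, THRESHOLD, RATIO_CAP and the
feature set are assumptions for illustration; the sample images are constructed.
"""
import math
import random
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
STANDARD_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".tls", ".pdata", "CODE", "DATA"}
RATIO_CAP = 4.0                            # cap on VirtualSize/SizeOfRawData (raw size 0 counts as the cap)
REFERENCE = (0.78, 0.72, 0.25, 0.0, 0.0)   # assumed centroid of unpacked files, not measured
THRESHOLD = 0.6                            # assumed decision boundary


def shannon_entropy(data):
    """Entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image):
    """Walk DOS header -> PE signature -> COFF header -> section table; return (entry_rva, sections)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    entry_rva = struct.unpack_from("<I", image, coff + 20 + 16)[0]   # AddressOfEntryPoint
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        (name, vsize, vaddr, rawsize, rawptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        if rawptr + rawsize > len(image):
            raise ValueError("section raw data runs past end of file")
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "chars": chars, "data": image[rawptr:rawptr + rawsize]})
    return entry_rva, sections


def features(image):
    """Five features scaled to [0, 1]: max section entropy, entry-section entropy,
    mean VirtualSize/SizeOfRawData ratio, fraction of RWX sections, fraction of odd names."""
    entry_rva, secs = parse_pe(image)
    if not secs:
        raise ValueError("no sections")
    ent = [shannon_entropy(s["data"]) / 8.0 for s in secs]
    entry_ent = 0.0
    for s, e in zip(secs, ent):
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            entry_ent = e
    ratios = []
    for s in secs:
        r = s["vsize"] / s["rawsize"] if s["rawsize"] else RATIO_CAP
        ratios.append(min(r, RATIO_CAP) / RATIO_CAP)
    rwx = sum(1 for s in secs if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE)
    odd = sum(1 for s in secs if s["name"] not in STANDARD_NAMES)
    return (max(ent), entry_ent, sum(ratios) / len(secs), rwx / len(secs), odd / len(secs))


def minkowski(x, y, p=2):
    """Minkowski distance of order p (p=1 Manhattan, p=2 Euclidean)."""
    return sum(abs(a - b) ** p for a, b in zip(x, y)) ** (1.0 / p)


def classify(image, reference=REFERENCE, p=2, threshold=THRESHOLD):
    """Return (distance, is_packed): packed if the file sits far from the unpacked profile."""
    d = minkowski(features(image), reference, p)
    return d, d > threshold


def build_image(entry_rva, sections):
    """Build a minimal PE32 image from (name, vaddr, vsize, data, characteristics) tuples.
    Constructed test data, not a real binary; data lengths must be 0x200-aligned."""
    n, opt_size, align = len(sections), 96, 0x200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    hdr_end = (len(dos) + 4 + len(coff) + opt_size + 40 * n + align - 1) // align * align
    headers, body, raw_ptr = b"", b"", hdr_end
    for name, vaddr, vsize, data, chars in sections:
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(data),
                               raw_ptr if data else 0, 0, 0, 0, 0, chars)
        body += data
        raw_ptr += len(data)
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers).ljust(hdr_end, b"\0") + body


_rng = random.Random(7)
CLEAN_IMAGE = build_image(0x1010, [
    (b".text", 0x1000, 2048, bytes(range(64)) * 32, 0x60000020),   # R+X code, entropy 6.0
    (b".data", 0x2000, 2048, bytes(range(16)) * 128, 0xC0000040),  # R+W data, entropy 4.0
])
PACKED_IMAGE = build_image(0x9100, [
    (b"UPX0", 0x1000, 0x8000, b"", 0xE0000080),                   # RWX, no raw data: unpack target
    (b"UPX1", 0x9000, 0x1000, bytes(_rng.getrandbits(8) for _ in range(4096)), 0xE0000040),
    (b".rsrc", 0xA000, 0x200, b"\0" * 512, 0xC0000040),
])

if __name__ == "__main__":
    for label, img in (("clean", CLEAN_IMAGE), ("packed", PACKED_IMAGE)):
        print(label, features(img), classify(img))
```

Note that an ordinary .bss section (no raw data, large virtual size) scores like UPX0 on the size-ratio feature, so that feature alone is weak; the distance works because the entropy, RWX and section-name features move together in a packed file. On real data the reference vector and threshold should come from a labelled corpus rather than the assumed constants above.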
Keywords/Search Tags: Trojan Identification, PE Files, Packed Detection, Boosting, Decision Tree, C5.0 Algorithm