Trojan Detection Technology Based On Fuzzy Behavior Analysis

With the rapid development of computer network technology, information network hasbecome the important pillar of social development, there are a lot of them because of thenetwork information is sensitive information, and even state secrets, so the hard to avoid canattract trojans, from all over the world to steal the user’s important information, the detectiontechnology of Trojan horse are insufficient and defect in many respects, especially forunknown Trojan detection difficulty is self-evident. Traditional detection model in the processof testing is failed to consider the uncertainty of network attacks, resulting in the increase ofthe rate of false positives. Misuse detection system of expert knowledge base of self-studyhabit and adaptability can well make up the defects of the traditional detection technology.The establishment of the fuzzy behavior library to a certain extent, also consider theuncertainty of aggressive behavior, to improve detection ability. In this paper, on the basis ofin-depth study behavior analysis algorithm, the fuzzy behavior analysis in the process of thelibrary is applied to the Trojan detection, mainly done the following research work:(1) study the Trojan development history and the current situation at home and abroad,explains the Trojan detection principle and working mechanism of classifying attackscharacteristics of common trojans, comparing the difference between static detection anddynamic detection technology, and analyze the advantages and disadvantages.(2) interpretation of misuse detection is for known attacks (similar) and indirect violationof system security strategy behavior detection, attack knowledge base is often is the basis ofthe misuse detection system defects. Combined the technology of Trojan detection based onbehavior analysis of common principle and algorithm, design to realize the fuzzy behaviorlibrary, analyses the importance of these algorithms in the Trojan detection and practicality.(3) the establishment of the fuzzy rules of behavior of research process, the traditionaldetection algorithm based on feature codes based on behavior is proposed on the basis of theanalysis of the Trojan horse detection model, the fuzzy behavior analysis module analysisresult to blur, eventually make detection model were improved.(4) to build a virtual network environment, the whole model test. Prove that the fuzzybehavior analysis algorithm in improve the detection accuracy and reduce the rate of falsepositives both can obtain good effect...