The Research And Design For Multi-engine Avira And Behavior Characteristics Of Distributed Trojan Detection System

Posted on: 2016-06-12
Degree: Master
Type: Thesis
Country: China
Candidate: P Hu
Full Text: PDF
GTID: 2308330479994545
Subject: Software engineering
Abstract/Summary:
With the rapid development of information technology, major security vendors have stepped up their efforts to detect and remove Trojans. Because a large underground profit chain stands behind them, Trojan makers are quick to learn new techniques and alter their code to evade all kinds of security products. In this contest between "spear" and "shield" there is no absolute winner; only by continually updating Trojan detection methods in step with the current development of information security technology can one become a "victorious general" in this smokeless "war".

This thesis covers the research and design of a distributed Trojan detection system based on multi-engine scanning and behavioral characteristics, with the aim of detecting and identifying Trojans more effectively, especially the high-grade Trojans used in current APT (Advanced Persistent Threat) attacks. Calling the engines of several well-known anti-virus products improves the success rate against known Trojans and effectively reduces the missed detections that come from relying on a single engine. Analyzing known Trojans yields a detection model based on behavioral characteristics, which raises the recognition rate for unknown Trojans. At the same time, a distributed, pluggable design allows multiple sample programs to be examined simultaneously, which on the one hand improves detection efficiency and on the other hand makes the system easy to extend and scale. Based on an analysis of the actual needs of multiple clients, the system is built on C/S and B/S modes and combines HOOK technology, virtualization technology, web technology and HTTP technology to improve its efficiency and usability.

The goals and scope of the system are determined from the results of the requirements analysis, and its functional modules, infrastructure and services are analyzed. The system is then designed and implemented in detail. Its features include automated sample capture and extraction, multi-engine scanning for known Trojans, hazard assessment of suspicious Trojans, and detection and judgment of the results of Trojan behavior. Through automated registration, scanning and analysis virtual hosts are added automatically, which eases expansion and reduces operating costs. Technically, the system tries a mixed C/S and B/S network architecture, uses a Microsoft SQL Server database, and uses VMware Workstation as its virtualization environment.
Keywords/Search Tags: Multi-engine Avira, Behavior, characteristics, Distributed, Trojan, detection system