Research On Trojan Horse Detection Based On Behavior And Bayes Sorting

Posted on: 2017-03-11 | Degree: Master | Type: Thesis
Country: China | Candidate: H Y Wang | Full Text: PDF
GTID: 2348330488959159 | Subject: Computer application technology
Abstract/Summary:
The Internet stores a tremendous amount of valuable resources, which attract lawbreakers all around the world. They have devoted themselves to developing different kinds of hacking techniques, including the Trojan horse, the most commonly used technology for obtaining or destroying these precious resources, stealing information, and intruding into networks. Meanwhile, in the face of endless network attacks, Trojan defense research, with its high false positive rate and low detection rate, is powerless and still in a passive defensive phase.

Behavior analysis, which analyzes and summarizes Trojan behaviors and takes advantage of the latest achievements in artificial intelligence and data mining to detect Trojans (especially undefined Trojans), has become the most popular detection approach. However, current research on behavior analysis is still at an elementary level, and detection systems based on it are not that reliable because of their relatively high false negative rate. Therefore, it is vital to study Trojan behaviors further, summarize their behavioral characteristics, and pick appropriate intelligent classification algorithms to enhance the detection rate and reduce the false rate.

This paper sums up the normal behaviors of Trojans to establish a behavioral characteristics database, and concentrates on improving the Bayes classifier and behavior-based Trojan horse detection technology. Its main contents are as follows:

(1) Establishing a behavioral database: API hooking is used to extract programs' behaviors and obtain each program's characteristics vector.

(2) Analyzing and modifying the classification algorithm to make it more suitable for classification, taking comprehensive account of redundancy, relevance, feature weight, and the systemic risk VL, which is closely related to the class probability, and the width ? as well; the evaluation result then decides whether to start the adaptive decision feedback model, so as to adapt to the evolution of behavioral traits.

(3) Proposing a new Trojan detection model. The new model makes full use of the modified Bayes classifier and takes the behavior feature vector as its input. At the end of the paper, using the collected set of Trojan programs, this thesis conducts a series of experiments to prove the feasibility and effectiveness of the detection model. All of this work may provide some worthy references for Trojan detection technology based on behavior analysis.
Keywords/Search Tags: Trojan horse detection, Behavior analysis, Bayes classifier, Behavior extraction, Width of classification