| Internet has greatly changed people's life and work, it brought in terms of convenience and benefits to people. At the same time, the network also makes some criminals. The most typical event is the use of Trojan and computer virus, etc. Because of its simple, fast speed, diversity and destruction, Trojan has become as a means of criminals for profits, it has made a lot of threats to people's life. Therefore, the defense and detection for Trojans seems very important and necessary, especially on Internet.At present, the detecting technology of Trojan can be divided into static and dynamic detection. The static detection technology is to extract the features of the Trojan, matches it with the suspicious codes and judges whether it is a Trojan program. However, static detection technology can not find the newest and variant Trojan, it also needs to update the feature database regularly. To solve above problems, behavior characteristics analysis technology for Trojan is proposed, and it has become a hot topic in field of information security. Due to the fuzziness of behavior, there are false positives and missed detection for behavior characteristics analysis technology, and it can not detect Trojans completely. For the complex behavior analysis process and the computational complexity, the behavior analysis technique focuses to improve the Trojan detection efficiency and reduce the amount of calculation.This paper firstly analyzed the Trojan attack technology based on Windows operation system. Secondly, it also analyzed the suspicious behavior in Trojans detection by using the statistical average algorithm. Finally, this paper adopted the checksum algorithm to reduce the missed detection rates for behavior analysis. The experimental results show that the designed Trojan detection system based on statistical average and check-sum calculation can effectively detect Trojan attack behavior and reduce the missed detection rates for behavior characteristics analysis. The main work of this paper is as follows:1. The paper analyzed the current Trojan detection technology and illustrated their working principle. It also analyzed the suspicious behavior by using the statistical average algorithm and then determined the existing of malicious attack behavior.2. This paper also designed the Trojan detection system based on the check-sum and behavior analysis. The missing detection rate is reduced by using the statistical average and the check-sum algorithm.3. The prototype system for the Trojan behavior detection technology based on the statistical average and the check-sum is tested, and the test results and corresponding analysis are also given. |
PDF Full Text Request