Research And Application Of Trojan Homology Based On Characteristic Fingerprint

Posted on: 2018-02-19
Degree: Master
Type: Thesis
Country: China
Candidate: A Q He
Full Text: PDF
GTID: 2348330515975416
Subject: Information confrontation
Abstract/Summary:
In recent years, with the development of computer and network technology, people have come to depend more and more on networks, and network security problems have become increasingly prominent. Trojans pose a growing threat to people's lives, so Trojan analysis is an important method for detecting and preventing Trojan threats. Manual analysis of Trojans has become very difficult and complex. In practical application scenarios, in addition to analyzing the external behavior of a Trojan, security researchers are also concerned with Trojan homology, historical evolution and other inherent characteristics, such as where a Trojan comes from, how it evolves and develops, and the relationships between Trojans. Trojan homology is gradually becoming an important source of evidence in computer network crime, and the study of Trojan homology has therefore become a hot topic in recent years. At present, there is only a small body of literature on the homology analysis of Trojans.

Based on a study of the relevant literature, the thesis integrates the relevant theory and proposes the Analysis Model of Trojan Homology (AMTH), which, compared with other analysis models or systems, adds the characteristic fingerprint to Trojan homology analysis. The thesis expounds the abstract mathematical principles of the model and points out two technical difficulties, characteristic extraction and key characteristic fingerprint selection, and two key technical issues on which research needs to focus: characteristic fingerprint similarity measurement and Trojan sample clustering.

On the basis of the proposed homology analysis model, the thesis studies static and dynamic analysis techniques and takes the PE file, import functions and the Windows API as the static and dynamic analysis points for analyzing Trojans. The thesis studies the method of selecting and locating the key characteristic fingerprint of a Trojan and a similarity measurement method for measuring the similarity of fingerprints, which can be used to measure the homology of Trojan samples. A method of clustering Trojan samples using hierarchical clustering is put forward.

A prototype system based on the AMTH model is designed to analyze the homology of Trojans. The system mainly includes the control center module, the characteristic fingerprint storage module, the single fingerprint analysis module, the multi-fingerprint analysis module, the single sample analysis module, the multi-sample analysis module and the fingerprint database of Trojan characteristics. One hundred and thirty-one Trojan samples were selected to test the prototype system based on the model. The results show that the prototype system can group Trojans of the same family together and distinguish different types of Trojan, which indicates that the model has good practical effect.
Keywords/Search Tags: Trojan, Characteristic-Fingerprint, Homology, Similarity, Clustering
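The pipeline the abstract outlines (import-function fingerprints, a similarity measure, hierarchical clustering) can be sketched as follows; this is an added example, not code from the thesis or its prototype system. The abstract does not name its similarity metric or linkage rule, so Jaccard similarity, average linkage and the 0.5 threshold are assumptions, and the sample names and import sets are constructed.

```python
from itertools import combinations

# Constructed import-function fingerprints (illustrative, not real samples).
SAMPLES = {
    "famA_v1": {"CreateFileA", "WriteFile", "RegSetValueExA", "WinExec",
                "InternetOpenA"},
    "famA_v2": {"CreateFileA", "WriteFile", "RegSetValueExA", "WinExec",
                "InternetOpenA", "InternetReadFile"},
    "famA_v3": {"CreateFileA", "WriteFile", "RegSetValueExA",
                "InternetOpenA", "InternetReadFile"},
    "famB_v1": {"socket", "connect", "send", "recv", "CreateProcessA"},
    "famB_v2": {"socket", "connect", "send", "recv", "CreateProcessA",
                "GetAsyncKeyState"},
    "other": {"MessageBoxA", "GetTickCount"},
}


def jaccard(a, b):
    """Similarity of two fingerprints: |a & b| / |a | b| (assumed metric)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def linkage(c1, c2, fingerprints):
    """Average-linkage similarity between two clusters of sample names."""
    scores = [jaccard(fingerprints[x], fingerprints[y]) for x in c1 for y in c2]
    return sum(scores) / len(scores)


def cluster(fingerprints, threshold=0.5):
    """Agglomerative clustering: merge the most similar pair of clusters
    until no pair reaches the (assumed) homology threshold."""
    clusters = [frozenset([name]) for name in sorted(fingerprints)]
    while len(clusters) > 1:
        (a, b), best = max(
            (((a, b), linkage(a, b, fingerprints))
             for a, b in combinations(clusters, 2)),
            key=lambda item: item[1],
        )
        if best < threshold:
            break  # remaining clusters are treated as distinct families
        clusters = [c for c in clusters if c not in (a, b)] + [a | b]
    return sorted(sorted(c) for c in clusters)


if __name__ == "__main__":
    for family in cluster(SAMPLES):
        print(family)
```

Raising the threshold splits variants that have drifted further from their family, which is the trade-off any fixed homology cut-off carries.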