| With the increasing size of the Internet and the continued expansion of the scope of application,Trojans and other malicious software are also growing threats Internet users.In the constant confrontation with defense software,Trojan horse's hiding and evasion technology is also evolving and progress.The detection efficiency of new Trojan horse based on feature matching detection technology has been greatly reduced.The detection model based on behavior pattern has always been the focus of research and is considered as the most promising method of detection.A Trojan horse network behavior detection model is proposed.Based on the advantage of recurrent neural network's ability to process sequence data,the software communication data stream is analyzed.Firstly,taking a typical Trojan horse sample as an example,the characteristics of Trojan network behaviors are analyzed.After that,the communication packets of the software are analyzed,and the effective input vectors are extracted,which reduces the data processing capacity of the data analysis system.Then,the LSTM model is established according to the characteristics of input vectors,and the effective features of input data are extracted.After that,several layers of CNN network structure are used to classify the features in a more abstract way.After building the analysis model,combining PF_RING and TensorFlow,a whole prototype system from packet capture to data packet processing to final packet analysis is implemented.Based on the laboratory hardware environment,a simulation experiment platform is built.By collecting the Trojan horse samples on the Internet,a certain amount of Trojan horse traffic data was captured,and the whole system was trained and verified by experiments.Experimental results show that the proposed Trojan horse detection system based on depth learning is effective and can judge the behavior tendency of network communication data flow more accurately under certain conditions. |
PDF Full Text Request