Research On Trojan Horse Behavior Detection Technology Based On Speed-up K Nearest Neighbor Algorithm

Posted on: 2020-05-25
Degree: Master
Type: Thesis
Country: China
Candidate: T S Li
GTID: 2428330575962058
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of Internet technology, cyberattacks have become a pervasive part of our lives. Improvements in hacker techniques make it difficult for traditional protection methods to cope effectively with diverse Trojan attacks. Because existing Trojan detection methods suffer from poor universality and long detection times, it is of great significance to design an efficient Trojan detection scheme that further improves detection efficiency. Combining the advantages of the K-nearest neighbor algorithm and the Kmeans algorithm, a speed-up K-nearest neighbor classification algorithm, CBBFKNN, is proposed for Trojan behavior detection.

The CBBFKNN classification algorithm uses the ultra-long rectangular area division idea to reduce the dimensionality of the sample data in the training set. The Kmeans algorithm is used to cluster the dimension-reduced sample data, and the simulated annealing algorithm is introduced to determine the optimal cluster centers, so that the Kmeans algorithm does not fall into a local optimum when selecting the cluster centers. A kd-tree is constructed on the compressed sample set. Using the idea of the BBF algorithm, the distances between the training samples on the query path and the sample to be tested are recorded during the query, and the K training samples with the highest priority are backtracked to determine the type of the sample to be tested.

Based on the CBBFKNN classification algorithm, a Trojan behavior detection scheme is then proposed. The core "extraction behavior feature module" is implemented with WinSock, and the core "classification processing module" is implemented with the CBBFKNN classification algorithm. The accuracy rate, misjudgment rate, missing rate and detection time are used as the evaluation criteria for the Trojan behavior detection scheme. To verify the validity of the CBBFKNN classification algorithm, the algorithm is evaluated on the Iris data set. The results show that the CBBFKNN classification algorithm can reduce the classification time with little loss of accuracy. To verify the effectiveness of the Trojan behavior detection scheme, the extraction behavior feature module and the classification processing module are verified separately. The experimental results show that the extraction behavior feature module can effectively intercept the data traffic in the local area network. The classification processing module achieves higher accuracy and lower misjudgment and missing rates than SVM, naive Bayes and the K-nearest neighbor algorithm, in less time. This verifies that the Trojan behavior detection scheme based on the CBBFKNN algorithm has a certain degree of feasibility and effectiveness.
Keywords/Search Tags:Trojan detection, K-nearest neighbor algorithm, Kmeans algorithm, BBF algorithm, Simulated annealing algorithm
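
The kd-tree construction and BBF query step described in the abstract, as an added example that is not code from the thesis. It covers only the kd-tree build and a best-bin-first k-nearest-neighbor vote (no dimensionality reduction, Kmeans or simulated annealing); the function names, the `max_checks` budget and the two-dimensional feature vectors are constructed assumptions.

```python
import heapq
from collections import Counter

# Constructed sample data: hypothetical 2-D behavior feature vectors with labels.
SAMPLES = [((1.0, 1.2), "benign"), ((1.5, 0.8), "benign"),
           ((0.7, 1.9), "benign"), ((2.0, 1.5), "benign"),
           ((7.8, 8.1), "trojan"), ((8.5, 7.2), "trojan"),
           ((9.0, 9.1), "trojan"), ((7.1, 8.8), "trojan")]

def build_kdtree(points, depth=0):
    """Build a kd-tree of (sample, axis, left, right) nodes from (vector, label) pairs."""
    if not points:
        return None
    axis = depth % len(points[0][0])
    points = sorted(points, key=lambda p: p[0][axis])
    mid = len(points) // 2
    return (points[mid], axis, build_kdtree(points[:mid], depth + 1),
            build_kdtree(points[mid + 1:], depth + 1))

def bbf_knn(root, query, k, max_checks):
    """Best-bin-first k-NN: open pending branches nearest-first and stop opening
    new ones once max_checks nodes were examined. Returns sorted (dist^2, label)."""
    best = []                    # max-heap of the k closest, keyed on -dist^2
    queue = [(0.0, 0, root)]     # min-heap: (lower bound on dist^2, tiebreak, node)
    pushed = checks = 0
    while queue and checks < max_checks:
        bound, _, node = heapq.heappop(queue)
        if len(best) == k and bound >= -best[0][0]:
            break                # no pending branch can beat the current k-th best
        while node is not None:  # descend to a leaf, queueing the far sides
            (vec, label), axis, left, right = node
            checks += 1
            d2 = sum((a - b) ** 2 for a, b in zip(vec, query))
            if len(best) < k:
                heapq.heappush(best, (-d2, checks, label))
            elif d2 < -best[0][0]:
                heapq.heapreplace(best, (-d2, checks, label))
            diff = query[axis] - vec[axis]
            near, far = (left, right) if diff < 0 else (right, left)
            if far is not None:
                pushed += 1
                heapq.heappush(queue, (max(bound, diff * diff), pushed, far))
            node = near
    return sorted((-neg, label) for neg, _, label in best)

def classify(root, query, k=3, max_checks=50):  # majority vote over k neighbors
    votes = Counter(label for _, label in bbf_knn(root, query, k, max_checks))
    return votes.most_common(1)[0][0]
TREE = build_kdtree(SAMPLES)
```

With `max_checks` at least the number of stored samples the search is exact; lowering it trades accuracy for query time, which is the speed-up the BBF idea provides.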