Title :
The Detection of Trojan Horse Based on the Data Mining
Author_Institution :
Sch. of Comput. & Commun. Eng., Tianjin Univ. of Technol., Tianjin, China
Abstract :
The Trojan horse is a serious security threat to computer networks. Traditionally, Trojan horses are detected using a file's dynamic characteristics or behaviors. However, these methods are not available for unknown or un-awakened Trojan horses. In the Windows system environment a Trojan horse always exists as a PE (Portable Executable) file, and the PE file has many static characteristics, which contain many runtime characteristics. In this paper, a new detection method based on the PE file's static attributes is proposed, and intelligent information processing techniques, such as decision trees, BP networks and finite state machines, are used to analyze those static attributes. Further, a detection model is established to estimate whether a PE file is a Trojan horse. This thesis aims to evaluate the static Trojan characteristics and to build a new way to detect Trojan horses using the static characteristics of PE files.
Keywords :
data mining; information analysis; invasive software; operating systems (computers); PE file static attribute; Trojan horse detection; Windows system environment; backpropagation network; computer network security threat; data mining; decision tree; finite state machine; intelligent information processing technique; portable executable file format; Computer networks; Computer security; Data mining; Data security; Information analysis; Information processing; Intelligent networks; Invasive software; Machine intelligence; Runtime environment; Trojan horse; behaviors; detect; dynamic characteristics; security;
Conference_Titel :
Fuzzy Systems and Knowledge Discovery, 2009. FSKD '09. Sixth International Conference on
Conference_Location :
Tianjin
Print_ISBN :
978-0-7695-3735-1
DOI :
10.1109/FSKD.2009.354