Title :
Detection of Trojan Horses by the analysis of system behavior and data packets
Author :
Gudipati, Vamshi Krishna ; Vetwal, Aayush ; Kumar, Varun ; Adeniyi, Anjorin ; Abuzneid, Abdelshakour
Author_Institution :
Univ. of Bridgeport, Bridgeport, CT, USA
Abstract :
Trojan Horse is said to be one of the most serious threats to computer security. A Trojan Horse is an executable file in the Windows operating system. This executable file will have certain static and runtime characteristics. Multiple system processes in the Windows OS will be called whenever a Trojan Horse tries to execute any operation on the system. In this paper, a new Trojan Horse detection method by using Windows Dynamic Link Libraries to identify system calls from a Trojan Horses is explicated. Process explorer is used to identify the malicious executables and to determine whether they are Trojans or not. Further, an attempt made to study the network behavior after a Trojan Horse is executed using Wireshark.
Keywords :
invasive software; operating systems (computers); Trojan Horse detection method; Windows OS; Windows dynamic link libraries; Windows operating system; Wireshark; computer security; data packet analysis; executable file; process explorer; system behavior analysis; Computers; Monitoring; Protocols; Software; Trojan horses; Process Explorer; Trajan Horse; Wireshark;
Conference_Titel :
Systems, Applications and Technology Conference (LISAT), 2015 IEEE Long Island
Conference_Location :
Farmingdale, NY
DOI :
10.1109/LISAT.2015.7160176
