A Kind of Improved Detection and Prevention of Trojan Horse Based on Attack Tree
A Trojan horse is a program that carries potential threats and causes varying degrees of harm to a computer, so detecting and preventing it is important. By analysing the PE file of a program, we extract its API call order and cut it into k-length API sequences. These API sequences are matched against an attack tree, the probability and vicious weight are computed on every node of the tree, and finally the danger coefficient at the root node and the degree of similarity with a Trojan are computed, so as to judge whether the target is, or contains, a Trojan horse. In this way Trojan horse attacks can be detected and prevented accurately.
Keywords: API short sequence; attack tree; danger coefficient; Trojan horse detection
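The scoring pipeline the abstract describes, as an added Python example that is not the paper's code: an API call order (constructed here, standing in for one extracted from a PE file) is cut into k-length sequences, matched against a small constructed attack tree, and the per-node probability and vicious weight are folded into a root danger coefficient and a similarity degree. The tree, its weights, the value of k and the OR/AND combination rules are assumptions; the paper's own formulas are not given on this page.

```python
from math import prod
K = 3  # length of each API short sequence (the paper's k; value assumed)

def k_sequences(api_calls, k=K):
    """Cut the ordered API call trace into the set of its k-length windows."""
    return {tuple(api_calls[i:i + k]) for i in range(len(api_calls) - k + 1)}

# Constructed attack tree: leaves hold API short sequences and a vicious weight; inner nodes are AND/OR.
ATTACK_TREE = {"name": "trojan", "type": "AND", "children": [
    {"name": "persist", "type": "OR", "children": [
        {"name": "run_key", "weight": 0.6,
         "seqs": [("RegOpenKeyExA", "RegSetValueExA", "RegCloseKey")]},
        {"name": "self_copy", "weight": 0.5,
         "seqs": [("GetModuleFileNameA", "CopyFileA", "SetFileAttributesA")]}]},
    {"name": "exfiltrate", "type": "OR", "children": [
        {"name": "connect_out", "weight": 0.8,
         "seqs": [("WSAStartup", "socket", "connect"),
                  ("socket", "connect", "send")]}]}]}

def score(node, observed):
    """Return (probability, danger). Assumed rules: leaf probability is the
    fraction of its sequences seen, leaf danger is probability * weight;
    OR takes the max of each, AND multiplies probabilities and sums dangers."""
    if "seqs" in node:
        p = sum(s in observed for s in node["seqs"]) / len(node["seqs"])
        return p, p * node["weight"]
    probs, dangers = zip(*(score(c, observed) for c in node["children"]))
    if node["type"] == "OR":
        return max(probs), max(dangers)
    return prod(probs), sum(dangers)

def max_danger(node):
    """Root danger if every leaf matched fully; normalises the similarity."""
    if "seqs" in node:
        return node["weight"]
    ds = [max_danger(c) for c in node["children"]]
    return max(ds) if node["type"] == "OR" else sum(ds)

def analyse(api_calls, tree=ATTACK_TREE):
    """Score one extracted API call order against the tree."""
    p, danger = score(tree, k_sequences(api_calls))
    return {"probability": p, "danger": danger, "similarity": danger / max_danger(tree)}

# Constructed traces standing in for API orders extracted from two PE files.
TROJAN_LIKE = ["GetModuleFileNameA", "CopyFileA", "SetFileAttributesA",
               "RegOpenKeyExA", "RegSetValueExA", "RegCloseKey",
               "WSAStartup", "socket", "connect", "send"]
BENIGN_LIKE = ["CreateFileA", "ReadFile", "CloseHandle",
               "WSAStartup", "socket", "connect", "recv"]
```

`analyse(TROJAN_LIKE)` reaches probability 1.0 and similarity 1.0, while `analyse(BENIGN_LIKE)` has root probability 0.0 (the AND requires both branches) but a non-zero danger of 0.4 from the partial network match, which is the kind of gradation the danger coefficient is meant to expose.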