A Kind of Improved Detection and Prevention of Trojan Horse Based on Attack Tree

  • Peiyu Liu
  • Bingru Niu
  • Zhenfang Zhu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8351)


Trojan horse is a kind of procedure with potential threats and it will cause different degrees of harms to computer, so it is an important thing of detecting and preventing it. Through the analysis of the PE file of one procedure extracting its API call order and cut it to k-length API sequences. Matching these API sequences with attack tree then computing the probability and vicious weight on every node of the tree, at last we compute the danger coefficient on the root node and the similarity degree with Trojan so as to judge the possibility of the target if it is a Trojan horse or contains Trojan horse. Then detect and prevent Trojan horse attack accurately.


API short sequence attack tree danger coefficient Trojan horse detection 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Guangjun, H., Weihang, S., Aiguo, X.: Behavior Sequence Based Grey Fuzzy Determinant for Computer Trojan Detection. Journal of Beijing University of Technology 31(5), 567–571 (2011)Google Scholar
  2. 2.
    Sehneier, B.: Attack Trees: Modeling Security Threats. Dr Dobbs Journal 24(12), 21–29 (1999)Google Scholar
  3. 3.
    Xiaoyan, W., Cong, J.: On the PWC. Unknown virus detection method based on the Win32 API and SVM. Computer Engineering and Applications 47(7), 125–128 (2011)Google Scholar
  4. 4.
    Yan, Y., Hao, H.: Detection method of Trojan Horse based on attack tree. Computer Engineering and Design 29(11), 2711–2714 (2008)Google Scholar
  5. 5.
    Ga, X., Dayuan, C.: A Study on Detection-Oriented Attack Classification and Attack Tree Generating Algorithm. Journal of Beijing University of Technology 23(3), 340–344 (2003)Google Scholar
  6. 6.
    Shuo, W., Jiliu, Z., Bo, P.: Unknown virus detection based on API sequence and support vector machine. Computer Applications 27(8), 1942–1943 (2007)Google Scholar
  7. 7.
    Hui, W., Shufen, L.: A Scalable Predicting Model for Insider Theat. Chinese Journal of Computers 29(8), 1346–1355 (2006)Google Scholar
  8. 8.
    Zaobin, G., Ping, W., Songfeng, L.: Information system security risk evaluation based on attack tree. Application Research of Computers 24(11), 153–160 (2007)Google Scholar
  9. 9.
    Wei, H., Changhong, Z., Mingtian, M.: Design of a Detection System of Trojan Horse based on Monitoring Dynamic Behavior. Fire Control and Command Control 35(2), 128–132 (2010)Google Scholar
  10. 10.
    Weiwei, L., Yong, S., Yu, G.: A Malicious Code Detection Method Based on Integrated Behavior Characterization. Electronics 37(4), 696–700 (2009)Google Scholar
  11. 11.
    Chunming, Z., Tianping, C., Xinyuan, Z.: A Method of Evaluating Network System Risk Events Probility based on attack tree. Fire Control and Command and Control 35(11), 17–22 (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Peiyu Liu
    • 1
  • Bingru Niu
    • 1
  • Zhenfang Zhu
    • 2
  1. 1.Department of Information Science and EngineeringShandong Normal UniversityJinanChina
  2. 2.School of Information Science and Electric EngineeringShandong Jiaotong UniversityJinanChina

Personalised recommendations