Abstract
As Trojan horse detection technology has developed, Trojans hidden in operating-system space have become less and less able to survive. As a result, more kernel-level and hardware-level hiding techniques have been proposed and applied to the design of new Trojans. Because kernel hiding technologies are complex and diverse, and hardware Trojans have emerged, detection has become increasingly difficult. We propose a black-box model to simplify the communication processing system of a computer. The modules that perform complex communication processing in the operating system kernel and in the hardware are reduced to a black box with two end points. Hidden traffic can then be easily extracted regardless of the hiding technology the Trojan uses. Building on this, a special-Trojan detection system based on the extraction of hidden traffic is presented. The experimental results demonstrate the use of the traffic extraction model.
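One way to read the two-end-point model, as an added example that is not code from the paper: treat the flows the operating system reports as one end point and the packets captured outside the host as the other, then report wire traffic the host view does not account for. The record layout, the choice of end points, the `tolerance` parameter and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the paper), using documentation addresses:
# (proto, src_ip, src_port, dst_ip, dst_port, payload_bytes)
HOST_VIEW = [  # assumed end point A: flows the operating system reports
    ("tcp", "10.0.0.5", 49152, "192.0.2.10", 443, 1800),
    ("tcp", "192.0.2.10", 443, "10.0.0.5", 49152, 5200),
    ("udp", "10.0.0.5", 53211, "10.0.0.1", 53, 64),
]
WIRE_VIEW = [  # assumed end point B: packets captured outside the host
    ("tcp", "10.0.0.5", 49152, "192.0.2.10", 443, 1800),
    ("tcp", "192.0.2.10", 443, "10.0.0.5", 49152, 5200),
    ("udp", "10.0.0.5", 53211, "10.0.0.1", 53, 64),
    ("tcp", "10.0.0.5", 49200, "198.51.100.7", 8080, 900),
    ("tcp", "198.51.100.7", 8080, "10.0.0.5", 49200, 120),
]

def flow_key(proto, src_ip, src_port, dst_ip, dst_port):
    """Direction-independent key so both halves of a conversation match."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return (proto, a, b)

def summarize(records):
    """Total payload bytes per bidirectional flow."""
    totals = defaultdict(int)
    for proto, sip, sport, dip, dport, nbytes in records:
        totals[flow_key(proto, sip, sport, dip, dport)] += nbytes
    return dict(totals)

def hidden_traffic(host_records, wire_records, tolerance=0):
    """Return {flow: unexplained_bytes} for wire traffic the host view lacks.

    Catches both flows missing entirely from the host view and flows that
    carry more bytes on the wire than the host reports.
    """
    host = summarize(host_records)
    hidden = {}
    for key, wire_bytes in summarize(wire_records).items():
        excess = wire_bytes - host.get(key, 0)
        if excess > tolerance:  # tolerance absorbs accounting noise
            hidden[key] = excess
    return hidden

if __name__ == "__main__":
    for (proto, a, b), extra in hidden_traffic(HOST_VIEW, WIRE_VIEW).items():
        print(f"{proto} {a[0]}:{a[1]} <-> {b[0]}:{b[1]} unexplained_bytes={extra}")
```

Because the comparison uses only what enters and leaves the black box, it does not depend on how a Trojan hides inside the kernel or hardware.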
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, Z., Tao, Y., Li, G. (2014). A Method for Detecting Trojan Based on Hidden Network Traffic Analysis. In: Batten, L., Li, G., Niu, W., Warren, M. (eds) Applications and Techniques in Information Security. ATIS 2014. Communications in Computer and Information Science, vol 490. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45670-5_7
DOI: https://doi.org/10.1007/978-3-662-45670-5_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45669-9
Online ISBN: 978-3-662-45670-5
eBook Packages: Computer Science, Computer Science (R0)