An Unknown Trojan Detection Method Based on Software Network Behavior
To address the difficulty of detecting unknown Trojans amid the current flood of advanced persistent threat (APT) activity, an improved detection method is proposed. Its basic idea originates from APT attack intent: beyond damaging or destroying facilities, the more essential purpose of an APT attack is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and by in-depth analysis of recent APT attacks, five typical communication characteristics are adopted to describe an application's network behavior, and on them a fine-grained classifier combining a Decision Tree and Naive Bayes is modeled. The classification-based detection method is then implemented by training with supervised machine learning. Compared with general methods, this method enhances the detection and awareness of unknown Trojans while consuming fewer resources.
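The abstract names the building blocks (per-application network-behavior features, a Decision Tree and Naive Bayes classifier, supervised training) but not the five characteristics themselves. The block below is an added illustration of that two-stage design and is not the authors' code: the five feature names, the training vectors, the beacon log and the TEST-NET address 203.0.113.7 are all constructed assumptions. A single decision-tree split (a decision stump) acts as the cheap coarse filter, and a Gaussian Naive Bayes model over all five features is evaluated only for applications the stump flags, which is where the "less resource consumption" claim would come from in such a design.

```python
"""Two-stage Trojan detector over per-application network-behaviour features.

Added illustration, not the paper's code. The paper's five communication
characteristics are not listed in its abstract, so the five features used here
are assumptions. Stage 1: a decision stump as a cheap coarse filter. Stage 2:
Gaussian Naive Bayes over all five features, run only on flagged samples.
"""
import math
import statistics
from collections import Counter

# Assumed feature set (not the paper's): one vector per monitored application.
FEATURES = ["conns_per_hour", "mean_bytes_up", "up_down_ratio", "gap_cv", "top_host_share"]

# Constructed training data: 4 benign applications (label 0), 4 Trojans (label 1).
TRAIN_ROWS = [
    [40, 800, 0.10, 1.2, 0.20], [55, 1200, 0.15, 0.9, 0.30],
    [30, 600, 0.08, 1.5, 0.25], [70, 1500, 0.20, 1.1, 0.35],
    [12, 9000, 4.0, 0.05, 0.95], [6, 15000, 6.5, 0.08, 0.90],
    [20, 7000, 3.2, 0.10, 1.00], [9, 12000, 5.5, 0.04, 0.97],
]
TRAIN_LABELS = [0, 0, 0, 0, 1, 1, 1, 1]


def extract_features(conns):
    """Map connection records (t_sec, bytes_up, bytes_down, remote_host) to the
    five-feature vector: rate, upload size, up/down ratio, timing regularity
    (coefficient of variation of inter-connection gaps) and single-host share."""
    conns = sorted(conns)
    times = [c[0] for c in conns]
    n = len(conns)
    span_hours = max(times[-1] - times[0], 3600) / 3600.0  # floor at one hour
    up, down = sum(c[1] for c in conns), sum(c[2] for c in conns)
    gaps = [b - a for a, b in zip(times, times[1:])]
    gap_cv = statistics.pstdev(gaps) / statistics.mean(gaps) if len(gaps) > 1 else 0.0
    top_share = max(Counter(c[3] for c in conns).values()) / n
    return [n / span_hours, up / n, up / max(down, 1), gap_cv, top_share]


def gini(labels):
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) ** 2


def train_stump(rows, labels):
    """Pick the (feature, threshold) split with the lowest weighted Gini impurity."""
    best = None
    for f in range(len(rows[0])):
        values = sorted({r[f] for r in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2.0
            left = [l for r, l in zip(rows, labels) if r[f] <= thr]
            right = [l for r, l in zip(rows, labels) if r[f] > thr]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, thr, round(sum(left) / len(left)), round(sum(right) / len(right)))
    return best[1:]  # (feature, threshold, label_if_below, label_if_above)


def predict_stump(stump, row):
    f, thr, below, above = stump
    return below if row[f] <= thr else above


def train_nb(rows, labels):
    """Gaussian Naive Bayes: per-class log prior plus per-feature mean/variance."""
    model = {}
    for c in (0, 1):
        cls = [r for r, l in zip(rows, labels) if l == c]
        cols = list(zip(*cls))
        means = [sum(col) / len(cls) for col in cols]
        variances = [sum((x - m) ** 2 for x in col) / len(cls) + 1e-9
                     for col, m in zip(cols, means)]
        model[c] = (math.log(len(cls) / len(rows)), means, variances)
    return model


def log_posterior(nb, row):
    out = {}
    for c, (log_prior, means, variances) in nb.items():
        ll = log_prior
        for x, m, v in zip(row, means, variances):
            ll += -0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
        out[c] = ll
    return out


class TwoStageDetector:
    def __init__(self, rows, labels):
        self.stump = train_stump(rows, labels)
        self.nb = train_nb(rows, labels)

    def predict(self, row):
        """Return (label, stage). The stump clears obviously benign traffic on one
        feature; only flagged samples pay for the five-feature NB evaluation."""
        if predict_stump(self.stump, row) == 0:
            return 0, "tree"
        post = log_posterior(self.nb, row)
        return max(post, key=post.get), "naive_bayes"


def accuracy(detector, rows, labels):
    return sum(detector.predict(r)[0] == l for r, l in zip(rows, labels)) / len(rows)


# Constructed beacon log: ten connections about 300 s apart to one host, 8 KB up / 2 KB down.
BEACON_LOG = [(300 * i + 5 * (i % 2), 8000, 2000, "203.0.113.7") for i in range(10)]

if __name__ == "__main__":
    det = TwoStageDetector(TRAIN_ROWS, TRAIN_LABELS)
    print("training accuracy:", accuracy(det, TRAIN_ROWS, TRAIN_LABELS))
    print("beacon log ->", det.predict(extract_features(BEACON_LOG)))
    print("browser-like ->", det.predict([50, 1000, 0.12, 1.0, 0.30]))
```

With this constructed data the stump splits on connection rate, so a chatty browser-like profile is cleared at stage 1 without touching the NB model, while the low-rate, regular, single-host beacon is passed to stage 2 and classified as a Trojan on the combination of all five features. On real traffic the training set and the feature definitions would have to come from the paper's own characteristics and labelled samples; nothing here should be read as their values.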
Keywords: targeted attack; unknown Trojan detection; software network behavior; machine learning
Authors: LIANG Yu, PENG Guojun, ZHANG Huanguo, WANG Ying
School of Computer/Key Laboratory of Aerospace Information Security and Trusted Computing of Ministr
Type: domestic conference
Venue: Qinhuangdao
Language: English
Pages: 369-376
Online: 2013-09-01 (date first posted on the Wanfang platform, not the paper's publication date)