A Novel Approach of Detecting Trojan Based on Network Behavior Analysis
Most existing approaches for detecting Trojans are limited by obfuscation and encryption techniques. In this paper, we present a network behavior analysis designed to address the limitations of previously proposed approaches. Our solution considers not only transport layer characteristics but also network layer characteristics. The approach in this paper exhibits two major advantages: (1) it can better represent Trojan network behavior, and (2) it is performed at very low computational cost. Based on a clustering technique, we propose a detection model that detects Trojan communication with high accuracy. We implement the model on real-world traces. The experiments show that our model is suitable for detecting Trojan communication amongst the vast amount of network traffic, with over 90% accuracy and less than 3.5% false positive rate. We confidently consider that our detection approach is complementary to the existing techniques.
trojan detection; network behavior analysis; network security
Shicong Li, Xiaochun Yun, Yongzheng Zhang, Yi Pang, Tao Yin
Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China; Institute of Informat Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China; Institute of Informat Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; Graduate Universit
International conference
2012 IEEE 14th International Conference on Communication Technology (ICCT 2012)
Chengdu
English
638-643
2012-11-09 (date first made available online on the Wanfang platform; not the paper's publication date)