Algebra-Based Behavior Identification of Trojan Horse
Compared with the rapidly developing technologies for Trojan hiding, hooking, stealing and anti-removal, detection and recognition technology has grown relatively slowly. Signature-code detection requires mass storage and cannot predict new Trojans, and heuristic scanning has a high misreporting rate and false rate; this article therefore proposes using algebra to describe and detect the behavior of Trojans. Specifically, the nodes of a lattice denote the status of the Trojan, and the operations in the lattice denote the combination of Trojan behaviors. The lattice model thus supplies a quantitative way to identify a Trojan. Boolean Algebra (BA) and Concept Lattice (CL) are two models that are extended on model construction, identification method, and application. Finally, we present theoretical support and a sample implementation process to test the theory; the test results are positive so far.
Trojan behavior definition; Action danger; Boolean algebra; Concept lattice
Aihua Peng, Lansheng Han, Yanan Yu, Nan Du, Mingquan Li
Lab of Information Security, Department of Computer Science and Technology, Huazhong University of Sci Academy of Satellite Application, Beijing, 100086, China
International conference
The 5th International Symposium on Cyberspace Safety and Security (CSS2013)
Zhangjiajie
English
323-337
2013-11-13 (date first posted online on the Wanfang platform; this is not the paper's publication date)