An unknown Trojan detection method based on software network behavior |
| |
Authors: | LIANG Yu, PENG Guojun, ZHANG Huanguo, WANG Ying |
| |
Affiliation: | 1. School of Computer/Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China 2. School of Computer/Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China; Law School, Renmin University of China, Beijing 100872, China |
| |
Abstract: | To address the difficulty of detecting unknown Trojans amid the flood of APT attacks, an improved detection method is proposed. The basic idea of this method originates from the intent behind advanced persistent threat (APT) attacks: besides damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and by in-depth analyses of recent APT attacks, five typical communication characteristics are adopted to describe an application’s network behavior, and a fine-grained classifier based on Decision Tree and Naïve Bayes is modeled on them. Finally, the classification-based detection method is implemented by training with supervised machine learning approaches. Compared with general methods, this method enhances the detection and awareness of unknown Trojans with less resource consumption. |
| |
Keywords: | targeted attack; unknown Trojan detection; software network behavior; machine learning |
This article has been indexed by CNKI, Wanfang Data, SpringerLink, and other databases. |
|