Based on Bayesian theory Trojan Detection Technology
|School||Huazhong University of Science and Technology|
|Keywords||Trojan Static Code Features Dynamic behavior Bayesian classification Polynomial event model|
With rapid development of Internet , computer applications have penetrated into all areas of society , the Internet provides us with a lot of services to the life and work to bring the convenience , but let's information security has become a very important issue . Because the browser 's widely used by hackers browser and third-party software vulnerabilities spread Trojan , obtain system privileges , vandalism, theft of user information , so that the interests of users has been a great loss. Trojan has spread fast , and simple deformation characteristics, traditional signature detection technology is difficult to detect the Trojan . Trojan detection method is necessary. Trojan Trojan and traditional difference is that the Trojan runs must use a browser . When the browser triggers the Trojan program, the Trojan will use the other system or browser vulnerabilities automatically configured Trojan server downloaded to the visitor's computer, and then run automatically to achieve the destruction, theft of computer information purposes. Therefore , the subject first proposed the theory of polynomial events using Bayesian model calculation procedure of threat be detected , and so determine whether the Trojan . Subject of the use of static code web applications and dynamic behavior as a detection feature , the use of the concept of information gain characteristics Filter . In the feature set of the screening process , characterized by a strong focus on topics occurrences . Topic is based on Bayesian classification method that uses an event based on word frequency polynomial model to calculate the unknown characteristics of web applications static and dynamic behavior code threat , respectively, with the corresponding threshold , thereby determining whether the program is to be detected Trojan . Finally , the experimental section to detect a new theoretical model designed Trojan detection system , and some of detection algorithm design and implementation of the system . Experimental verification of the feasibility of detection model for Trojan detection technology provides a new way of thinking.