The Detection of Trojan Horse Based on the Data Mining

Trojan horses are a serious security threat to computer networks. Traditionally, Trojan horses are detected using a file's dynamic characteristics or runtime behavior. However, these methods are not effective against unknown or not-yet-activated (dormant) Trojan horses. In the Windows environment a Trojan horse almost always exists as a PE (Portable Executable) file, and the PE file has many static characteristics, several of which reflect how the file will behave at runtime. In this paper, a new detection method based on the static attributes of PE files is proposed, and intelligent information processing techniques, namely decision trees, BP (back-propagation) neural networks and finite state machines, are used to analyze those static attributes. Further, a detection model is established to estimate whether a given PE file is a Trojan horse. The thesis evaluates the value of static Trojan characteristics and builds a new way to detect Trojan horses using the static characteristics of PE files.
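As an added illustration (not code from the paper), the following Python script shows what "static attributes of a PE file" means in practice: it parses the DOS, COFF and optional headers plus the section table of a PE32 image into a feature dictionary and then applies a small hand-written decision tree. The sample images are constructed in memory, and the tree's rules and thresholds are illustrative assumptions, not the model learned in the paper.

```python
import struct

# Section names commonly emitted by mainstream compilers/linkers (assumed list).
STANDARD_NAMES = {b".text", b".data", b".rdata", b".rsrc", b".reloc", b".idata", b".bss"}
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000

def build_sample_pe(entry_rva, sections):
    """Construct a minimal PE32 image in memory (constructed test input, not a real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: PE header at offset 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x5F000000, 0, 0, 224, 0x102)
    opt = bytearray(224)                                   # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)             # AddressOfEntryPoint
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, raw, 0, 0, 0, 0, 0, fl)
                     for n, vs, va, raw, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

def pe_static_attributes(data):
    """Parse the headers and section table into a feature dict a classifier could consume."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    entry = struct.unpack_from("<I", data, pe_off + 24 + 16)[0]   # optional header + 16
    sec_off = pe_off + 24 + opt_size                               # section table follows
    secs = [struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i) for i in range(nsec)]
    entry_sec = next((s for s in secs if s[2] <= entry < s[2] + s[1]), None)
    return {
        "num_sections": nsec,
        "timestamp": stamp,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "entry_in_exec_section": entry_sec is not None and bool(entry_sec[9] & IMAGE_SCN_MEM_EXECUTE),
        "zero_raw_sections": sum(1 for s in secs if s[3] == 0 and s[1] > 0),
        "nonstandard_names": sum(1 for s in secs if s[0].rstrip(b"\0") not in STANDARD_NAMES),
    }

def classify(attrs):
    """Illustrative two-level decision tree over the static attributes (assumed rules)."""
    if not attrs["entry_in_exec_section"]:
        return "suspicious"
    if attrs["zero_raw_sections"] > 0 and attrs["nonstandard_names"] > 0:
        return "suspicious"
    return "benign"

BENIGN = build_sample_pe(0x1000, [(b".text", 0x200, 0x1000, 0x200, 0x60000020),
                                  (b".data", 0x100, 0x2000, 0x100, 0xC0000040)])
PACKED = build_sample_pe(0x3000, [(b".text", 0x200, 0x1000, 0, 0x60000020),
                                  (b"zzz0", 0x300, 0x2000, 0x300, 0xE0000060)])
```

In a real pipeline the feature dictionaries from a labelled corpus would be the training rows for the decision tree or BP network; `classify` only stands in for such a learned model.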
