Research on the Technology of Detecting Trojan Dynamically based on ID3 Decision Tree

Trojan is one of the main security threats to computer network.This paper puts forward an improved method to detect Trojan dynamically which combines behavioral analysis with ID3 decision tree,making up the insufficiency of the common methods.This paper describes the principle,algorithm,implementation and performance of this technology in detail,and learns Trojan samples and normal samples using ID3 algorithm,therefore built a decision tree with its results.Finally,the kind of a sample could be judged based on its behaviors when the sample is running.Implementation and experiments have proved that in windows system,this technology could detect Trojan efficiently.