论文信息 - Algebra-Based Behavior Identification of Trojan Horse

Algebra-Based Behavior Identification of Trojan Horse

Compared with the rapidly developing technology of Trojan hiding, hooking, stealing and anti-removing, the detection and recognition technology grows relatively slowly. Signature code detecting technology requiring mass storage and unable to predict new Trojan, heuristic scanning with high misreporting rate and false rate, this article is proposing algebra to describe and detect the behavior of the Trojan. Specifically, let the node of the lattice denote the status of the Trojan, and the operations in the lattice denote the combination of the behavior of Trojans. Thus, the lattice model supplies a quantitative way to identify the Trojan. Boolean Algebra (BA) and Concept Lattice (CL) are two models that are extended on model construction, identification method, and application. Finally, we present theoretical support and sample implementation process to test the theory and the test result is positive so far.

Lansheng Han | Nan Du | Yanan Yu | Mingquan Li | Aihua Peng

[1] Harold W. Thimbleby,et al. A Framework for Modelling Trojans and Computer Virus Infection , 1998, Comput. J..

[2] Miodrag Potkonjak,et al. Scalable consistency-based hardware trojan detection and diagnosis , 2011, 2011 5th International Conference on Network and System Security.

[3] Yiorgos Makris,et al. Hardware Trojan detection using path delay fingerprint , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[4] Stephanie Forrest,et al. Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[5] Brian A. Davey,et al. An Introduction to Lattices and Order , 1989 .

[6] Christos A. Papachristou,et al. MERO: A Statistical Approach for Hardware Trojan Detection , 2009, CHES.

[7] Michael Franz,et al. Symmetric behavior-based trust: a new paradigm for internet computing , 2004, NSPW '04.

[8] Christopher Krügel,et al. Behavior-based Spyware Detection , 2006, USENIX Security Symposium.

[9] Chengyu Song,et al. Studying Malicious Websites and the Underground Economy on the Chinese Web , 2008, WEIS.

[10] Christophe Clavier,et al. Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings , 2009, CHES.

[11] Bernd I. Dahn. Robbins Algebras Are Boolean: A Revision of McCune's Computer-Generated Solution of Robbins Problem , 1998 .