Prototype demonstration: trojan detection and defense system

  • Authors:
  • Ting Liu; Xiaohong Guan; Qinghua Zheng; Ke Lu; Yuanfeng Song; Weizhang Zhang

  • Affiliations:
  • MOE KLINNS Lab and SKLMS Lab, School of Electronic and Information Engineering, Xi'an Jiaotong University, Xian, Shaanxi, China (all six authors)

  • Venue:
  • CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
  • Year:
  • 2009

Abstract

This paper presents a novel Trojan detection and defense system. The prototype searches the disk for important files that contain users' confidential information. These files are then monitored to find which processes access them, by capturing and analyzing IRPs (I/O Request Packets). Trojan processes are distinguished from regular ones by evaluating their API calls with several machine-learning models, rather than with a traditional signature-based mechanism. Testing results show that this prototype can detect and defend against unknown Trojans quickly and accurately.