{"title":"通过分析系统行为和数据包来检测特洛伊木马","authors":"Vamshi Krishna Gudipati, Aayush Vetwal, Varun Kumar, Anjorin Adeniyi, Abdel-shakour Abuzneid","doi":"10.1109/LISAT.2015.7160176","DOIUrl":null,"url":null,"abstract":"Trojan Horse is said to be one of the most serious threats to computer security. A Trojan Horse is an executable file in the Windows operating system. This executable file will have certain static and runtime characteristics. Multiple system processes in the Windows OS will be called whenever a Trojan Horse tries to execute any operation on the system. In this paper, a new Trojan Horse detection method by using Windows Dynamic Link Libraries to identify system calls from a Trojan Horses is explicated. Process explorer is used to identify the malicious executables and to determine whether they are Trojans or not. Further, an attempt made to study the network behavior after a Trojan Horse is executed using Wireshark.","PeriodicalId":235333,"journal":{"name":"2015 Long Island Systems, Applications and Technology","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2015-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Detection of Trojan Horses by the analysis of system behavior and data packets\",\"authors\":\"Vamshi Krishna Gudipati, Aayush Vetwal, Varun Kumar, Anjorin Adeniyi, Abdel-shakour Abuzneid\",\"doi\":\"10.1109/LISAT.2015.7160176\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Trojan Horse is said to be one of the most serious threats to computer security. A Trojan Horse is an executable file in the Windows operating system. This executable file will have certain static and runtime characteristics. Multiple system processes in the Windows OS will be called whenever a Trojan Horse tries to execute any operation on the system. 
In this paper, a new Trojan Horse detection method by using Windows Dynamic Link Libraries to identify system calls from a Trojan Horses is explicated. Process explorer is used to identify the malicious executables and to determine whether they are Trojans or not. Further, an attempt made to study the network behavior after a Trojan Horse is executed using Wireshark.\",\"PeriodicalId\":235333,\"journal\":{\"name\":\"2015 Long Island Systems, Applications and Technology\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 Long Island Systems, Applications and Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/LISAT.2015.7160176\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 Long Island Systems, Applications and Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LISAT.2015.7160176","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detection of Trojan Horses by the analysis of system behavior and data packets
The Trojan Horse is said to be one of the most serious threats to computer security. A Trojan Horse is an executable file in the Windows operating system. This executable file will have certain static and runtime characteristics. Multiple system processes in the Windows OS will be called whenever a Trojan Horse tries to execute any operation on the system. In this paper, a new Trojan Horse detection method that uses Windows Dynamic Link Libraries to identify system calls from a Trojan Horse is explicated. Process Explorer is used to identify the malicious executables and to determine whether they are Trojans or not. Further, an attempt is made to study the network behavior after a Trojan Horse is executed, using Wireshark.