| As a very representative kind of Trojan horse on military classified networks, the ferry Trojan steals confidential political, economic, military, cultural and other information about our country by being implanted into confidential computers. When the USB device is connected to an Internet-connected computer, the confidential information can be sent to a foreign server. Its particular behavior pattern is clearly visible, yet conventional passive defense cannot effectively detect this special Trojan. It is therefore meaningful to study the combination of a kernel monitoring strategy with behavior analysis methods, and to defend against the ferry Trojan through its behavior characteristics. This paper focuses on capturing ferry Trojan behavior and completing its analysis and judgement, so as to achieve the purpose of ferry Trojan defense. First, it studies the existing defense technology against ferry Trojans in detail, and analyses the various methods of acquiring behavior characteristics and the advantages and disadvantages of the analysis methods. Then, based on an analysis of the special behavior characteristics of the ferry Trojan, it monitors ferry Trojan behavior at the kernel layer. With kernel-layer behavior monitoring implemented and following the ferry Trojan behavior monitoring strategy, it acquires the behavior characteristics of the ferry Trojan. Based on the acquired behavior characteristics, and combined with the idea of grey fuzzy decision-making over behavior characteristics, it puts forward a model based on ferry Trojan behavior characteristics in order to defend against the ferry Trojan effectively. Finally, this paper builds a simulation platform that performs kernel-layer ferry Trojan behavior monitoring and behavior characteristic analysis, and simulation experiments are carried out on the ferry Trojan behavior monitoring and on the behavior characteristic determination method respectively. The experiments verify the effectiveness of the ferry Trojan behavior monitoring. Classification is completed through analysis and comparison, and the ferry Trojan is then determined. The experimental results show the efficiency of the behavior-characteristic-based ferry Trojan defense method proposed in this paper. |