As computer networks have spread worldwide, users face a growing number of cyber security problems: viruses spread and attackers intrude at an ever increasing rate, causing great harm to the interests of society, enterprises and individuals. Traditional defense technologies, which seek a remedy only after an attack has occurred, have long been unable to deal effectively with current cyber threats. Active defense addresses this deficiency: by comprehensively monitoring the network and protecting the computer in real time, it prevents virus intrusion, internal attacks and dangerous behaviour such as mistaken operations, and it can be combined with other Internet security products to give the network environment and the user's host comprehensive, proactive protection.

Taking the Windows operating system as the research platform, this thesis studies in depth the basic structure of Trojan viruses, their attack principles and related topics. After surveying the existing active defense technology, it proposes a solution that combines passive defense with behaviour-analysis-based active defense. The specific research contents and results are as follows:

1. The research status of active defense technology is surveyed. A large number of Trojan virus samples are collected and their characteristic runtime behaviour is summarized. By studying Windows system calls, Trojan behaviour is abstracted into API function calls, and API hooking is used to intercept those calls from three aspects: file operations, the registry and processes.

2. Classification algorithms applicable to Trojan detection are studied and the advantages and disadvantages of each are analysed. The naive Bayesian classification algorithm is selected as the foundation, and an augmented weighted Bayesian (AWB) classification algorithm is proposed to overcome the independence assumption of naive Bayes. Finally, a multi-channel AWB classification model is constructed to improve the Trojan detection rate.

3. The complete active defense system is designed and implemented in three modules. The application-layer module mainly provides the interface for the computer health check, the system settings and the log of intercepted viruses. The passive defense module builds a static signature database that quickly and accurately identifies known viruses. The active defense module captures the behaviour of unknown programs and classifies it with the improved classification algorithm.

4. For safety, the proposed active defense system is tested on an isolated physical machine. The system is tested from several angles: system function tests, the unbalanced-sample method test, a performance comparison of the classification algorithms, and tests on sample sets of different sizes. The experimental comparison between the multi-channel AWB classification algorithm and common classification algorithms shows that multi-channel AWB achieves higher detection accuracy than the naive Bayesian classifier and the other common algorithms, and at the same time a lower missed-detection rate and a lower false positive rate. The improved classification algorithm therefore improves Trojan detection.
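As an added illustration of the classifier design described in points 1 and 2 (not code from the thesis), the following Python sketch builds one weighted Bernoulli naive Bayes classifier per hooked channel (file, registry, process) over the API names a hook layer would record, and combines the three channels in log space. The training set is constructed toy data, and the per-API weighting rule is an assumption, since the abstract does not state how AWB computes its weights.

```python
import math
from collections import Counter

CHANNELS = ("file", "registry", "process")

# Constructed toy training set (label 1 = Trojan, 0 = benign): the API names a
# hook layer would record per channel for each program run. Not real samples.
TRAIN = [
    (1, {"file": {"CreateFileW", "WriteFile", "CopyFileW"},
         "registry": {"RegSetValueExW", "RegCreateKeyExW"},
         "process": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"}}),
    (1, {"file": {"CreateFileW", "WriteFile", "DeleteFileW"}, "registry": {"RegSetValueExW"},
         "process": {"OpenProcess", "CreateRemoteThread"}}),
    (0, {"file": {"CreateFileW", "ReadFile"}, "registry": {"RegQueryValueExW", "RegOpenKeyExW"},
         "process": {"CreateProcessW"}}),
    (0, {"file": {"CreateFileW", "ReadFile", "WriteFile"}, "registry": {"RegOpenKeyExW"},
         "process": {"OpenProcess"}}),
]

class ChannelNB:
    """Bernoulli naive Bayes over one channel's API set, with per-API weights."""
    def __init__(self, samples, channel):
        self.vocab = set().union(*(s[channel] for _, s in samples))
        n = Counter(lbl for lbl, _ in samples)
        # Laplace-smoothed P(api observed | class)
        self.p = {c: {a: (sum(1 for l, s in samples if l == c and a in s[channel]) + 1)
                      / (n[c] + 2) for a in self.vocab} for c in (0, 1)}
        # Assumed weighting (the thesis's exact AWB rule is not given here):
        # 1 + |log-likelihood ratio|, so APIs that separate the classes count more.
        self.w = {a: 1.0 + abs(math.log(self.p[1][a] / self.p[0][a])) for a in self.vocab}

    def log_lr(self, apis):
        """Weighted sum of log P(x_a|Trojan)/P(x_a|benign); APIs outside vocab are ignored."""
        total = 0.0
        for a in self.vocab:
            p1, p0 = self.p[1][a], self.p[0][a]
            if a not in apis:          # absence of an API is evidence too
                p1, p0 = 1 - p1, 1 - p0
            total += self.w[a] * math.log(p1 / p0)
        return total

class MultiChannelAWB:
    """One ChannelNB per channel; evidence is summed in log space, prior counted once."""
    def __init__(self, samples):
        self.channels = {ch: ChannelNB(samples, ch) for ch in CHANNELS}
        n = Counter(lbl for lbl, _ in samples)
        self.prior = math.log(n[1] / n[0])   # handles an unbalanced training set

    def score(self, behaviour):
        """Log-odds of Trojan vs benign; > 0 classifies the behaviour as Trojan."""
        return self.prior + sum(clf.log_lr(behaviour.get(ch, set()))
                                for ch, clf in self.channels.items())
```

In a real deployment the API sets would come from the hooked file, registry and process calls of the program under observation, and the decision threshold would be tuned against the missed-detection and false-positive rates the thesis measures.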