Topic

Trojan

About: Trojan is a research topic. Over the lifetime, 2028 publications have been published within this topic receiving 33209 citations.


Papers
Patent
02 Jul 2014
TL;DR: A method and a system for preventing remote control type Trojan viruses are proposed. The method includes the steps of capturing data packet flow in a network, checking the captured flow against the characteristics in a preset characteristic rule base, handing the flow over to a subsequent malicious code probe if matching characteristics exist, continuing to judge the flow if no matching characteristics exist, removing a known URL in the captured flow, and stopping the flow and giving an alarm and a prompt if it is malicious flow.
Abstract: The invention provides a method and system for preventing remote control type Trojan viruses. The method includes the steps of capturing data packet flow in a network, traversing the captured data packet flow through the characteristics in a preset characteristic rule base, judging whether matching characteristics exist or not, handing over the data packet flow to a subsequent malicious code probe to be processed if the matching characteristics exist, continuing judging the data packet flow if no matching characteristics exist, removing a known URL in the captured data packet flow, judging whether the data packet flow is malicious flow or not, stopping the flow and giving an alarm and a prompt if the data packet flow is malicious flow, and releasing the data packet flow if the data packet flow is not malicious flow. The invention further provides the corresponding system. By means of the method and the system, the remote control type Trojan viruses can be effectively prevented from running, malicious flow can be prevented from entering and leaving, and a computer of a user is protected against damage.

6 citations

Proceedings ArticleDOI
01 May 2015
TL;DR: A new Trojan Horse detection method that uses Windows Dynamic Link Libraries to identify system calls from a Trojan Horse is presented, and Process Explorer is used to identify the malicious executables and to determine whether they are Trojans or not.
Abstract: Trojan Horse is said to be one of the most serious threats to computer security. A Trojan Horse is an executable file in the Windows operating system. This executable file will have certain static and runtime characteristics. Multiple system processes in the Windows OS will be called whenever a Trojan Horse tries to execute any operation on the system. In this paper, a new Trojan Horse detection method by using Windows Dynamic Link Libraries to identify system calls from a Trojan Horse is explicated. Process Explorer is used to identify the malicious executables and to determine whether they are Trojans or not. Further, an attempt is made to study the network behavior after a Trojan Horse is executed using Wireshark.

6 citations

Patent
06 Jan 2016
TL;DR: An intelligent Trojan identification device and method is presented. To address the insufficient capability of Trojan detection technology in identifying unknown Trojans and variants of them, the detection method combines a detection technology based on behavior analysis with a detection technology based on feature matching.
Abstract: The invention discloses an intelligent Trojan identification device and method. Specific to the problems of insufficient capability in identifying unknown Trojans and variant Trojans and the like in a Trojan detection technology, the invention provides a detection method combining a detection technology based on behavior analysis and a detection technology based on feature matching.

6 citations

Patent
23 Jul 2014
TL;DR: An unknown trojan detecting method based on network communication behaviors is proposed, which comprises the following steps: collecting the original data of the network communication behaviors; preprocessing the collected original data; extracting the features of the preprocessed data according to trojan communication features; establishing a suspicious rule base based on normal communication behaviors and trojan behaviors; and detecting the preprocessed data by means of the suspicious rules to determine unknown trojans.
Abstract: The invention relates to an unknown trojan detecting method based on network communication behaviors. The method comprises the following steps of collecting the original data of the network communication behaviors; preprocessing the collected original data; according to trojan communication features, extracting the features of the preprocessed data; based on normal communication behaviors and trojan communication behaviors, establishing a suspicious rule base; by means of the suspicious rule base, detecting the preprocessed data to determine unknown trojans, wherein detecting the preprocessed data through the suspicious rule base actually relates to the problem of matching the preprocessed data and is a process of matching the rules in the suspicious rule base. Therefore, the unknown trojan detecting method based on the network communication behaviors achieves efficient detection on the unknown trojans.

6 citations


Network Information
Related Topics (5)
Cloud computing: 156.4K papers, 1.9M citations, 70% related
Cache: 59.1K papers, 976.6K citations, 70% related
Planet: 27K papers, 980.6K citations, 68% related
Compiler: 26.3K papers, 578.5K citations, 66% related
Key (cryptography): 60.1K papers, 659.3K citations, 66% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2023    136
2022    282
2021    111
2020    139
2019    144
2018    168