李文平

2016-08-29

Abstract:The invention discloses an intelligent upgraded Trojan virus prevention detection protection system which comprises a user operation module, a retrieval module, a primary detection module, a secondary analysis module, a dialogue module, a CPU module, an upgrading module, a timing module and a software module. The retrieval module receives a downloading instruction of the user operation module and begins to retrieve the content to prepare downloading; the primary detection module can judge whether the download address is the official download address or not, and receive and judge whether the download address of the retrieval content of the execution module is the official download address or not, if the download address is not the official address, information is transmitted to the conversation module, and if the download address is the official address, information is transmitted to the secondary analysis module; the secondary analysis module can judge whether the content is the illegal content agreed to be downloaded by a computer or not and receive the information transmitted by the primary detection module and the conversation module, the conversation module receives the information of the primary detection module and the secondary analysis module to be displayed, and according to selections of a user, the instruction is stopped if not continued, and the content is downloaded if continued.

Computer Science

LI Xiao-dong,LUO Ping,ZENG Zhi-feng

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.05.044

2007-01-01

Abstract:Trojan horse is a new kind computer virus,which makes much damage to computer information resources in a local network.This paper represented a new method to detect Trojans using its auto-startup characteristic.This method uses hooking system services dispatch table,so as to monitor file system and registry table.Compared with traditional detective methods,it can detect not only known Trojans but unknown ones.It is difficult for Trojans to escape detection because it is implemented in the kernel.

Mengze Li

Abstract:The Trojan Virus, or Trojan, is a malicious computer program that is used to compromise a computer by fooling users about its real intent. Although, unlike computer viruses, or worms, the Trojan does not directly attack operating systems, many modern forms act as a backdoor, which can grant access without authorization. This kind of infection helps attackers to break the confidentiality, integrity and availability of the data, and can cause a huge impact to both, private users and public organizations, such as exposing the user’s credit card information, or other personal identity information (PII). Recent Trojans have been engineered to cause bigger destruction and yet remain less obvious than their ancestors. For example, several cheap android phones come preinstalled with Trojan viruses, which, for example, show advertisements on top of running apps and prevent users from removing the pictures. In a desktop-based example, the BackDoor.TeamViewer.49 can remove its icon from the Windows notification area and disable error reporting and implement a special mechanism meant to prevent it from being restarted on an infected computer once the TeamViewer is launched, which means that its malicious behavior is too hard to identify. 1 Landwehr, C. E; A. R Bull; J. P McDermott; W. S Choi (1993). A taxonomy of computer program security flaws, with examples. DTIC Document. Retrieved 2012-04-05. 2 "What is the difference between viruses, worms, and Trojans?". Symantec Corporation. Retrieved 2009-01-10. 3 "VIRUS-L/comp.virus Frequently Asked Questions (FAQ) v2.00 (Question B3: What is a Trojan Horse?)". 9 October 1995. Retrieved 2012-09-13. 4 ValueWalk: Several cheap android phones come preinstalled with trojan viruses (2016). . Chatham: Newstex. Retrieved from http://ezproxy.valpo.edu/login?url=http://search.proquest.com/docview/1848915535?accountid=14811 5 https://www.scmagazine.com/knock-knock-unique-new-backdoor-trojan-infecting-computers/article/528205/ In this study, we are reviewing and analyzing the actual code of three famous modern Trojans in order to learn their most common functions and goals. Take the example below: { "timestamp": 12345, "account_id": "abc@gmail.com", "location": { "lat": 200, "lon": 1 }, "audio_url": "abc@gmail.com/12345/audio.aac", "image_url": "abc@gmail.com/12345/image.jpg" } These lines of code can help the hackers collect images, 10-second sound clips, and location information from users’ phones every 3 seconds, and upload them via Wi-Fi. We are furthermore comparing the modern Trojan with the old Trojan to see the improvement of the modern Trojan, and how the Trojan hide itself from the anti-malware software, and the IPS system. Both, code analysis and historical comparison are critical in developing patches to prevent the process of such unauthorized data theft. Although many Trojan viruses are armored, which means that the attackers have used advanced methods, such as encrypting the code, or added useless code to confuse the cybersecurity professional, we will be using hackers’ actual code stubs, obtained from public sources such as GitHub, in order to get around this obstacle. This analysis will support our theory that most of modern Trojan viruses are intending to act as a backdoor for granting unauthorized accesses, thereby causing bigger destruction while more skillfully attempting to evade detection by common countermeasures. 6 https://github.com/project-columbus/trojan

Computer Science,Engineering

Hong CHEN,Weiwei YANG,Jiankun SHI,Weiqiang LIN

DOI: https://doi.org/10.16400/j.cnki.kjdkz.2015.07.086

2015-01-01

Abstract:In order to reduce the harm of the computer virus, the proposal is presented to cut off the computer virus' lifecycle based on the working principles of the computer virus. The effective strategy is to implement the defense mechanism during the design stage, the propagation phase and the operation phase with the safety education, which demonstrates it is effective to reduce the average probability of poisoning about 23%and the percentage of working hours is improved 25%in lab of uni-versities and colleges.

CHEN Liyue,SUN Xin,CHENG Tiansheng,WU Chunming,CHEN Shuangxi

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020142

2020-01-01

Abstract:Rootkit is a set of persistent and undetectable attack technologies,which can hide their attack behavior and backdoor trace by modifying software or kernel in operating system and changing execution path of instruction.Firstly,the basic definition and evolution of Rootkit were introduced,then the operating principle,current mainstream technology and detection methods of Rootkit were discussed.Then,through comparative experiments on performance and security,the application of mimic defense system was described for Web based on dynamic,heterogeneous,redundant structure under Trojan Horse attack.Experiments show that mimic defense system can effectively defend against Trojan Horse in tests in the premise of low overhead.At last,the opportunities and challenges of the DHR system were summarized.

Ting Liu,Xiaohong Guan,Qinghua Zheng,Ke Lu,Yuanfeng Song,Weizhang Zhang

DOI: https://doi.org/10.1109/CCNC.2009.4785028

2010-01-01

Abstract:This paper presents a novel Trojan detection and defense system. The prototype searches the important files which contain users' confidential information on the disk. And then, these files will be monitored to find which processes will access them by capturing and analyzing the IRPs (I/O Request Packets). The processes of Trojans will be distinguished from regular ones by evaluating their API-calls with several machine-learning models, rather than traditional signature-based mechanism. Testing results show that this prototype could detect and defend the unknown Trojans quickly and accurately.

XU Ming,YANG Tong,ZHENG Lian-qing,ZHANG Chuan-rong

2011-01-01

Abstract:To reinforce network security and prevent Trojan horse attacks,a concealing technology by triple jump in load and thread guard is analyzed and implemented with an example,and a Trojan horse using the technology is programmed,and the hidden nature and survivability of the Trojan horse is enhanced by it.Finally,the corresponding cleaning method is put forward.Experimental results show that the Trojan horse completes the expected hidden features,and can penetrate the latest Rising anti-virus software,Rising Firewall and general hardware firewalls,which demonstrate the feasibility and effectiveness of the concealing technology.

郑成,王轶骏,薛质

DOI: https://doi.org/10.3969/j.issn.1009-8054.2012.01.050

2012-01-01

Abstract:Ghost reduction system is widely used in the computer system restoration, this technology is easy to use while contains certain safety hidden trouble. This paper first describes Ghost image file format, and tells of its analytical process and principles. And on this basis, this paper draws out the Trojan hiding and residence technology of the Ghost image reduction system, and analyzes the realization of command line tool which can penetrate the Ghost image file. This tool reads and analyzes Ghost image file, and then writes in the back door to their files, thus to realize the Trojan horse hiding and residence. This paper finally puts forth how to prevent and detect the hiding and residing Trojan by this method, and thus to ensure the integrity and safety of restored system.

HAO Dong-bai,GUO Lin,HUANG Hao

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.24.040

2007-01-01

Abstract:According to the analysis of Trojan horse attack patterns,implant methods,the security model of windows and limitations of the Trojan horse detection technologies at present,A defense against Trojan horse system based on restricted token is stated in this paper.Combined with constructing the secure work environment,auditing the startup of applications and restraining the malicious action of Trojan horse.The design of process environment control module,service manager module,register monitoring and anomaly diagnose module are focused on.At last,the experiment result validates the feasibility and availability of this system.

CHEN Lei-ting,ZHANG Liang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2005.02.021

2005-01-01

Abstract:This paper points out the deficiency in detecting the unknown Trojan horse of the present anti-virus software at first, introduces the advantage of artificial immune system in self-adaptability aspect, and points out the feasibility of artificial immunity mechanism in Trojan horses detection; Then through an analysis about the new technology of Trojan horses, proves the deficiency of current computer security system with a Trojan horses model, presents the transfer of Trojan horses detection from the anti-virus software to the subsystem of immune IDS, improves the self-adaptive capacity of Trojan horses detection with its immune mechanism; Finally, a behavior mode is put forward, which is mapped from the using situation of process systematic resource to the process systematic call, and by this means, a Trojan horse detection model based on artificial immunity mechanism is set up.

XU Qiang,JIANG Xing-hao,YAO Li-hong,ZHANG Zhi-qiang,ZHANG Cheng

DOI: https://doi.org/10.11959/j.issn.2096-109x.2017.00160

2017-01-01

Abstract:The design and manufacture of integrated circuit chips are now a key component of the electronic industry.The increasing popularity of third-party technology services may lead to the implantation of hardware chips in the manufacturing process,which brings great challenge to the security of electronic devices.After introducing the concept of hardware Trojans,the characteristics and its forms were briefly analyzed.Then the detection technologies,and the prevention strategies of the hardware Trojans were discussed.At last,the development trend of the hardware Trojans was summarized.

Cai Hongmin,Wu Naiqi,Teng Shaohua

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.05.076

2012-01-01

Abstract:Networks attack means emerge endlessly along with the growing serious network security problems.As a kind of main malicious code,Trojan horse program brings great troubles to computer users in the areas of infringing personal privacies and remotely monitoring the computers of others,etc.The authors implement a distributed Trojan horse program detection system by applying the deep packet inspection technology to the detection of Trojan horse program,we use regular expression to match the attack mode in detecting the Trojan horse program,therefore have strengthened the security of networks.

XU Xu-xu,XUE Zhi,WU Gang

DOI: https://doi.org/10.3969/j.issn.1009-2552.2012.02.041

2012-01-01

Abstract:This paper first introduced the basic conceptions about Trojan Horse and basic technologies of Trojan Horse,and then it introduced the common methods of Trojan Horse detection.And it expounds the current research condition and development trend of Trojan Horse detection.It analyzes and summarizes the behavioral characteristics of their installation,and puts forward an anti-trojan strategy based on behavior analysis.

张磊

DOI: https://doi.org/10.3969/j.issn.1006-4052.2010.10.047

2010-01-01

Abstract:With the computer and network technology,the rapid development of the back door of the increasing threats to information security.The authors adjusted the back door to look into the idea of a dynamic link library,so that there can be no process,no open ports etc.,thus achieving a process,the port hidden,so the back door DLL-based prevention and information security problems has become a more important object of study worthy of attention.This article describes the types of Trojan horse program works and realization of the function,describing the main API functions,and summarizes a number of DLL Trojans killing methods.

SHI Yong,XUE Zhi,LI Jianhua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.053

2005-01-01

Abstract:A new trojan horse on Windows operating system is presented. This technology combines SPI which is a new characteristic in Winsock 2 with remote thread injecting in Windows kernel and DLL(dynamic-link libraries) in Windows file system. And it uses some characteristics in filtration and interrupt of firewalls for reference. A new trojan horse hiding style is realized.

Fan Zhang,Chen Dong,Wucheng Hu,Jinghui Chen,Guorong He

DOI: https://doi.org/10.1109/IAEAC47372.2019.8997863

2019-01-01

Abstract:EDA tools almost completely automate the current chip design. However, EDA tools are all provided by third-party companies, therefore the credibility of EDA tools and the trust issues brought by their process libraries have attracted people's attention. Given these problems, this paper proposes a self-training hardware Trojan confrontation framework based on machine learning embedded in EDA tools. The framework focuses on the gate-level netlist files generated during the integrated chip comprehensive optimization phase, thereby detects, locates and deletes hardware Trojans that may appear. The experimental results show that the framework can achieve more than 85% detection effect for unknown hardware Trojans. Moreover, for known hardware Trojans, this framework can achieve almost 100% detection. Accordingly, hardware Trojans can be located and deleted.

Ghossoon. M. W. Al-Saadoon,Hilal M. Y. Al-Bayatti,Hilal M.Y. Al-Bayatti

DOI: https://doi.org/10.48550/arXiv.1105.1234

2011-05-06

Cryptography and Security

Abstract:Trojan virus attacks pose one of the most serious threats to computer security. A Trojan horse is typically separated into two parts - a server and a client. It is the client that is cleverly disguised as significant software and positioned in peer-to-peer file sharing networks, or unauthorized download websites. The most common means of infection is through email attachments. The developer of the virus usually uses various spamming techniques in order to distribute the virus to unsuspecting users. Malware developers use chat software as another method to spread their Trojan horse viruses such as Yahoo Messenger and Skype. The objective of this paper is to explore the network packet information and detect the behavior of Trojan attacks to monitoring operating systems such as Windows and Linux. This is accomplished by detecting and analyzing the Trojan infected packet from a network segment -which passes through email attachment- before attacking a host computer. The results that have been obtained to detect information and to store infected packets through monitoring when using the web browser also compare the behaviors of Linux and Windows using the payload size after implementing the Wireshark sniffer packet results. Conclusions of the figures analysis from the packet captured data to analyze the control bit, and check the behavior of the control bits, and the usability of the operating systems Linux and Windows.

Yao Song,Chen Xiaoming,Wang Yu,Yang Huazhong

2015-01-01

Abstract:The invention provides a hardware Trojan detecting method based on circuit characteristic analysis. The hardware Trojan detecting method includes steps of inputting a detected circuit and acquiring a high-level modeling file of the detected circuit; identifying functional modules in the detected circuit according to the high-level modeling file of the circuit to be detected so as to judge reliability of the functional modules, and marking the detected circuit when the functional modules are reliable; extracting classification features from the marked detected circuit, matching each type of hardware Trojan characteristics in a preset hardware Trojan circuit characteristic database and outputting characteristic analysis results of classes according to the matching results; comprehensively analyzing the characteristic analysis results of classes so as to obtain reliability information of the detected circuit. By the hardware Trojan detecting method, hardware Trojan detecting speed is effectively increased as well as discrimination degree of the detecting area of different types of hardware Trojan, and detection effect of hardware Trojan in the time sequencing circuit is effectively improved.

Chen Dong,Yi Xu,Ximeng Liu,Fan Zhang,Guorong He,Yuzhong Chen

DOI: https://doi.org/10.3390/s20185165

IF: 3.9

2020-01-01

Sensors

Abstract:Diverse and wide-range applications of integrated circuits (ICs) and the development of Cyber Physical System (CPS), more and more third-party manufacturers are involved in the manufacturing of ICs. Unfortunately, like software, hardware can also be subjected to malicious attacks. Untrusted outsourced manufacturing tools and intellectual property (IP) cores may bring enormous risks from highly integrated. Attributed to this manufacturing model, the malicious circuits (known as Hardware Trojans, HTs) can be implanted during the most designing and manufacturing stages of the ICs, causing a change of functionality, leakage of information, even a denial of services (DoS), and so on. In this paper, a survey of HTs is presented, which shows the threatens of chips, and the state-of-the-art preventing and detecting techniques. Starting from the introduction of HT structures, the recent researches in the academic community about HTs is compiled and comprehensive classification of HTs is proposed. The state-of-the-art HT protection techniques with their advantages and disadvantages are further analyzed. Finally, the development trends in hardware security are highlighted.

杨彦,黄皓

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.11.015

2008-01-01

Abstract:Trojan is malicious program which is designed to obtain privilege and steal information; it seriously endangers the internet se- curity and information security. The rules of Trojan's attack actions are researched, a new Trojan horse detection method based on executable static analysis is proposed. The present attack tree model is improved, an extended attack tree model is designed to d escribe the sequences of threatening system calls Trojan commonly used. Matched the set of APIs used in PE file with the original extended attack tree, to predict the attack actions may appear in the implementation of the PE file and estimate whether the PE file is a Trojan.