Title :
A Novel Approach to Trojan Horse Detection by Process Tracing
Author :
Wu, NaiQi ; Qian, Yanming ; Chen, Guiqing
Author_Institution :
Dept. of Ind. Eng., Guangdong Technol. Univ., Guangzhou
Abstract :
Nowadays we are more and more concerned with the security of networks, for the Internet is vulnerable to attack. Trojan horses are dangerous tools for attacking the Internet. In particular, there are numerous Trojan horses for the Windows system, and new Trojan horses are created almost every day. In this paper, we address the problem of Trojan horse detection and present a new method to detect Trojan horses. With this method, we monitor the packets transmitted by a computer in real time and identify the ports through which the packets are transmitted. With the port number known and the information provided by the operating system, we then find the process that sends the packets through a port, and the program file that creates the process is traced. In this way, we link the port being used to the corresponding process. By doing so, we can not only detect the known Trojan horses with more accuracy, but also detect new Trojans. This approach is implemented on the Windows system. Experiments have been carried out, and the results show the effectiveness of the method.
Keywords :
Internet; invasive software; telecommunication security; Internet; Trojan horse detection; Windows system; network security; process tracing; Computer networks; Computer security; Computerized monitoring; IP networks; Information security; Internet; Intrusion detection; Invasive software; Microcomputers; Packaging;
Conference_Title :
Networking, Sensing and Control, 2006. ICNSC '06. Proceedings of the 2006 IEEE International Conference on
Conference_Location :
Ft. Lauderdale, FL
Print_ISBN :
1-4244-0065-1
DOI :
10.1109/ICNSC.2006.1673235