Dynamic Attack Tree and Its Applications on Trojan Horse Detection

Author

Jin, Cong ; Wang, Xiao-Yan ; Tan, Hua-Yong

Author_Institution

Dept. of Comput. Sci., China Central Normal Univ., Wuhan, China

Volume

1

fYear

2010

fDate

24-25 April 2010

Firstpage

56

Lastpage

59

Abstract

Attack tree generating algorithm has been studied thoroughly. However, the method for adjusting the attack tree with ever-increasing needing has not been presented. A novel Trojan horse detection approach is presented in this paper. Original attack tree is modeled on the basis of APIs that Trojan horse often used. Matching the set of APIs got by statically analyzing the PE file with the original attack tree, to predict malicious actions may appear in the implementation of the PE file and estimate whether the PE file is a Trojan. The attack tree can adjust with word analysis after analyze the detection results to improve the detection ability. The experiment shows that this approach can detect known and unknown (upgraded) Trojan horse effectively. Moreover, this is the first time present the attack tree´s dynamically adjustment and this has for-reaching significance for the attack tree and Trojan horse detection.

Keywords

application program interfaces; invasive software; API; application program interface; attack tree generating algorithm; dynamic attack tree; malicious attack detection; trojan horse detection; Application software; Computer hacking; Computer science; Dynamic programming; Functional programming; Hardware; Information technology; Invasive software; Multimedia systems; Operating systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Multimedia and Information Technology (MMIT), 2010 Second International Conference on

Conference_Location

Kaifeng

Print_ISBN

978-0-7695-4008-5

Electronic_ISBN

978-1-4244-6602-3

Type

conf

DOI

10.1109/MMIT.2010.12

Filename

5474403