The Journal of China Universities of Posts and Telecommunications, 2019, Vol. 26, Issue (1): 32-39. doi: 10.19682/j.cnki.1005-8885.2019.0004

• Artificial Intelligence •

Integrated Trojan detecting model based on period feature statistics

Jin-Ling ZHANG1, Lei LÜ2

  1. Renmin University of China
  2. Shandong Normal University
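  • Received: 2018-10-10 Revised: 2018-12-13 Online: 2019-02-26 Published: 2019-02-27
  • Contact: Jin-Ling ZHANG E-mail: zhangjinling_li@163.com
  • Supported by:
    Young Scientists Fund of the National Natural Science Foundation of China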


Abstract: The growing popularity of network applications and the increasing complexity of network traffic pose a major challenge to current Trojan detection techniques. To address this, the communication behavior of remote access Trojans (RATs) is analyzed, the differing behavior of traffic features across communication sub-periods is discussed, and an integrated Trojan detection model based on period feature statistics is presented. Computing feature statistics over the sub-periods and over the whole session (WS) separately widens the gap in traffic features and improves their classification ability. The weighted integrated classifier makes full use of each base classifier's strengths while compensating for the others' weaknesses, and thereby strengthens the system's detection and generalization capability. Experimental results show that the system can effectively distinguish Trojan traffic from many kinds of normal traffic.

Key words: Trojan detecting, RAT, weighted voting, integrated system
