Integrated Trojan detecting model based on period feature statistics

doi:10.19682/j.cnki.1005-8885.2019.0004

The Journal of China Universities of Posts and Telecommunications ›› 2019, Vol. 26 ›› Issue (1): 32-39.doi: 10.19682/j.cnki.1005-8885.2019.0004

• Security • Previous Articles Next Articles

Integrated Trojan detecting model based on period feature statistics

Received:2018-10-10 Revised:2018-12-13 Online:2019-02-26 Published:2019-02-27
Contact: Jin-Ling ZHANG E-mail:zhangjinling_li@163.com

Abstract

Abstract: Aiming at the problem that more popular network application and more complicated network traffic bring big challenge to current Trojan detecting technique, communication behavior of remote access Trojan (RAT) is analyzed, traffic features’ different performance in different communication sub-periods is discussed, and an integrated Trojan detecting model based on period feature statistics is presented. Feature statistics based on sub-periods and whole session （WS）respectively can increase the gap and classification ability of traffic features. The weighted integrated classifier can take full use of each base classifier’s advantage and compensate for each other’s weaknesses, therefore can strong system’s detecting and generalization capability. Experiment result shows that this system can recognize Trojan traffics from many kinds of normal traffic effectively.

Key words: Trojan detecting, RAT, weighted voting, integrated system

References

1. Kolter J Z, Maloof M A. Learning to detect and classify malicious executables in the wild. Journal of Machine Learning Research, 2006, 7: 2721-2744

2. Gao D B, Reiter M K, Song D W. BinHunt: Automatically finding semantic differences in binary programs. Information and Communications Security: Proceedings of the 10th International Conference on Information and Communications Security (ICICS’08), Oct 220-22, 2008, Birmingham, UK. LNCS 5308. Berlin, Germany: Springer-Verlag, 2008: 238-255

3. Valenti S, Rossi D, Dainotti A, et al. Reviewing traffic classification. Data Traffic Monitoring and Analysis. LNCS 7754. Berlin, Germany: Springer-Verlag, 2013: 123-147

4. Xue Y, Wang D W, Zhang L S. Traffic classification: Issues and challenges. Proceedings of the 2013 International Conference on Computing, Networking and Communications (ICNC’13), Jan 28-31, 2013, San Diego, CA, USA. Piscataway, NJ, USA: IEEE, 2013: 545-549

5. Dusi M, Crotti M, Gringoli F, et al. Tunnel hunter: Detecting application-layer tunnels with statistical fingerprinting. Computer Networks, 2009, 53(1): 81-97.

6. Chen Q Z, Cheng R, Gu Y J. Classification algorithms of Trojan horse detection based on behavior. Proceedings of the 2009 International Conference on Multimedia Information Networking and Security (MINES'09): Vol 2, Nov 18-20, 2009, Wuhan, China. Piscataway, NJ, USA: IEEE, 2009: 510-513

7. Liu Y F, Zhang L W, Liang J, et al. Detecting Trojan horses based on system behavior using machine learning method. Proceedings of the 2010 International Conference on Machine Learning and Cybernetics (ICMLC’10): Vol 2, Jul 11-14, 2010, Qingdao, China. Piscataway, NJ, USA: IEEE, 2010: 855-860

8. Bayer U, Comparetti P M, Hlauschek C, et al. Scalable, behavior-based malware clustering. Proceedings of the Network and Distributed System Security Symposium (NDSS’09), Feb 8-11, 2009, San Diego, CA, USA. 2009: 18p

9. Gudipati V K, Vetwal A, Kumar V, et al. Detection of Trojan Horses by the analysis of system behavior and data packets. Proceedings of the 2015 IEEE Conference on Long Island Systems, Applications and Technology (LISAT’15), May 1, 2015, Farmingdale, NY, USA. Piscataway, NJ, USA: IEEE, 2015: 4p

10. Lan J H, Liu S L, Wu S, et al. Research on ensamble classification model of Trojan traffic detection. Journal of Xi’an Jiaotong University, 2015, 49(8): 84-89 (in Chinese)

11. Tegeler F, Fu X, Vigna G, et al. Botfinder: Finding bots in network traffic without deep packet inspection. Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies (CoNEXT '12), Dec 10-13, 2012, Nice, France. New York, NY, USA: ACM, 2012: 349-360

12. Xu P, Liu S L, Lan J H, et al. Trojan detection method based on analysis of multiple data flow. Application Research of Computers, 2015, 32(3): 890-894 (in Chinese)

13. Li S C, Yun X C, Zhang Y Z. A model of Trojan communication behavior detection based on hierarchical clustering technique. Journal of Computer Research and Development, 2012, 49(S2): 9-16 (in Chinese)

14. Li W, Li L H, Li J, et al. Characteristics analysis of traffic behavior of remote access trojan in three communication phases. Netinfo Security, 2015, (5): 10-15 (in Chinese)

Adachi D, Omote K. A host-based detection method of remote access Trojan in the early stage. Information Security Practice and Experience: Proceedings of the 12th International Conference on Information Security Practice and Experience (ISPEC'16), Nov 16-18, 2016, Zhangjiajie, China. LNCS 10060. Berlin, Germany: Springer-Verlag, 2016: 110-121

Metrics

Comments

Copyright © 2020 The Journal of China Universities of Posts and Telecommunications
　 Adress: P.O. Box 231,Beijing University of Posts and Telecommunications,10 Xi Tucheng Road,Beijing 100876,P.R.China　Post Code: 100081
Tel：86-010-62282493　Fax： 86-010-62283461　E-mail: jchupt@bupt.edu.cn
Support by: Beijing Magtech Co.Ltd

Integrated Trojan detecting model based on period feature statistics

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 0

Recommended Articles

Metrics

Comments