The Journal of China Universities of Posts and Telecommunications ›› 2019, Vol. 26 ›› Issue (1): 32-39.doi: 10.19682/j.cnki.1005-8885.2019.0004

• Security • Previous Articles     Next Articles

Integrated Trojan detecting model based on period feature statistics

  

  • Received:2018-10-10 Revised:2018-12-13 Online:2019-02-26 Published:2019-02-27
  • Contact: Jin-Ling ZHANG E-mail:zhangjinling_li@163.com

Abstract: Aiming at the problem that more popular network application and more complicated network traffic bring big challenge to current Trojan detecting technique, communication behavior of remote access Trojan (RAT) is analyzed, traffic features’ different performance in different communication sub-periods is discussed, and an integrated Trojan detecting model based on period feature statistics is presented. Feature statistics based on sub-periods and whole session (WS)respectively can increase the gap and classification ability of traffic features. The weighted integrated classifier can take full use of each base classifier’s advantage and compensate for each other’s weaknesses, therefore can strong system’s detecting and generalization capability. Experiment result shows that this system can recognize Trojan traffics from many kinds of normal traffic effectively.

Key words: Trojan detecting, RAT, weighted voting, integrated system