Publication Type: Journal Article
Source: Information & Security: An International Journal, Volume 28, Issue 1, Number 10, p.121-132 (2012)
Keywords: antivirus software.
, artificial immune systems
, behavioural model
, Fuzzy Logic
, Trojan life cycle
, Trojans detection
This paper presents a behavioural model of Trojans which formalizes the features of Trojans performance in computer systems. The Trojans behavioural model represents its life cycle including three stages: penetration, activation and executing destructive actions. Software for Trojans detection was developed. It is based on methods of detection in ‘monitor’ and ‘scanner’ modes. Trojans detection in monitor mode is based on a novel technique for computer system Trojans detection which uses fuzzy logic. It enables a conclusion about the degree of danger of infecting the computer system with Trojans. Trojans detection in a scanner mode is based on a novel technique for constructing the protected sequences and generation of detectors based on algorithms for artificial immune systems. It allows to reveal the fact of system files substitution of Trojans’ versions. Trojan detection software allows to detect new Trojans with high degree of reliability and efficiency.