Detection of Trojan horse by Analysis of System Behavior and Data Packets
Authors
Abuzneid, Abdelshakour A.
Gudipati, Vamshi Krishna
Kumar, Varun
Vetwal, Aayush
Adeniyi, Anjorin
Issue Date
2015-03-27
Type
Presentation
Language
en_US
Keywords
Trojan virus, Windows operating system, Virus detection, Computer science
Abstract
The Trojan horse is said to be one of the most serious threats to computer security. A Trojan horse is an executable file in the Windows operating system. These executable files have certain static and runtime characteristics. Multiple Windows system processes are called whenever a Trojan horse tries to execute any operation on the system. This paper explicates a new Trojan horse detection method that uses Windows dynamic link libraries to identify system calls from a Trojan horse. Process Explorer is used to identify the malicious executable and to determine whether it is a Trojan or not. Further, an attempt is made to study the network behavior after a Trojan horse is executed, using Wireshark.