
Computer Engineering ›› 2012, Vol. 38 ›› Issue (14): 13-16. doi: 10.3969/j.issn.1000-3428.2012.14.004

• Column •

Trojan Rapid Detection Method Based on Heartbeat Behavior Analysis

MENG Lei, LIU Sheng-li, LIU Long, CHEN Jia-yong, SUN Hai-tao

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002, China)
  • Received: 2011-10-19 Online: 2012-07-20 Published: 2012-07-20
  • About the authors: MENG Lei (born 1987), male, master's student, main research interest: network security; LIU Sheng-li, associate professor; LIU Long, teaching assistant; CHEN Jia-yong, doctoral student; SUN Hai-tao, assistant engineer
  • Supported by:

    Zhengzhou Science and Technology Innovation Team Fund Project (10CXTD150)

Abstract:

Trojan detection algorithms based on communication behavior analysis have high computational complexity. To address this problem, this paper proposes a rapid Trojan detection method based on heartbeat behavior analysis. Building on a description of the heartbeat behavior in Trojan communication and on the analysis of a large number of Trojan samples, the method selects two session features to classify Trojan communication flows and normal communication flows. A Trojan Rapid Detection System (TRDS) is then built on the method. Experimental results show that TRDS can detect Trojan communication rapidly and effectively in a 100 Mbit/s line-rate network.

Key words: Trojan detection, session feature, communication flow analysis, behavior analysis, heartbeat behavior, rapid detection
