TY - JOUR
KW - antivirus software
KW - artificial immune systems
KW - behavioural model
KW - Fuzzy Logic
KW - Trojan life cycle
KW - Trojans
KW - Trojans detection
AU - Sergiy Lysenko
AU - Oleg Savenko
AB - This paper presents a behavioural model of Trojans that formalizes the features of how Trojans operate in computer systems. The behavioural model represents the Trojan life cycle in three stages: penetration, activation, and execution of destructive actions. Software for Trojan detection was developed, based on detection methods in ‘monitor’ and ‘scanner’ modes. Detection in monitor mode is based on a novel technique that uses fuzzy logic; it yields a conclusion about the degree of danger of the computer system being infected with Trojans. Detection in scanner mode is based on a novel technique for constructing protected sequences and generating detectors using algorithms for artificial immune systems; it reveals the substitution of system files with Trojan versions. The Trojan detection software detects new Trojans with a high degree of reliability and efficiency.

BT - Information & Security: An International Journal
DA - 2012
DO - http://dx.doi.org/10.11610/isij.2810
IS - 1
LA - eng
M1 - 10

PY - 2012
SP - 121
EP - 132
T2 - Information & Security: An International Journal
TI - Software for Computer Systems Trojans Detection as a Safety-Case Tool
VL - 28
ER -