01565nas a2200241 4500000000100000000000100001000000100002008004100003260000900044653002300053653003000076653002200106653001600128653002200144653001200166653002200178100001900200700001700219245007400236300001200310490000700322520099400329 2012 d c201210aantivirus software10aartificial immune systems10abehavioural model10aFuzzy Logic10aTrojan life cycle10aTrojans10aTrojans detection1 aSergiy Lysenko1 aOleg Savenko00aSoftware for Computer Systems Trojans Detection as a Safety-Case Tool a121-1320 v283 a
This paper presents a behavioural model of Trojans which formalizes the features of Trojans performance in computer systems. The Trojans behavioural model represents its life cycle including three stages: penetration, activation and executing destructive actions. Software for Trojans detection was developed. It is based on methods of detection in ‘monitor’ and ‘scanner’ modes. Trojans detection in monitor mode is based on a novel technique for computer system Trojans detection which uses fuzzy logic. It enables a conclusion about the degree of danger of infecting the computer system with Trojans. Trojans detection in a scanner mode is based on a novel technique for constructing the protected sequences and generation of detectors based on algorithms for artificial immune systems. It allows to reveal the fact of system files substitution of Trojans’ versions. Trojan detection software allows to detect new Trojans with high degree of reliability and efficiency.