
Trojan detection using MIB-based IDS / IPS system


Authors: Colin Pattinson (Innovation North Faculty, Leeds Metropolitan University, Leeds, UK); Kemal Hajdarevic

Identifying and detecting Trojans (malicious software installed and run on a host without the consent of the host's owner) is a major element in delivering computer security. As with any computer application, installation of a Trojan leaves a "footprint" on the system's resources. However, detection is non-trivial: the detector must be able to recognise the symptoms against a background of other ("safe") activities that also consume system resources. Furthermore, such detection activity should be at least resource neutral (in other words, the resources consumed by the detection process should not exceed the resources saved by detecting the Trojan). We therefore wished to explore the potential of an economical approach that explicitly takes into account the resources it uses. To achieve this aim, we explore the possibility of using the existing, widely deployed management information base (the MIB) as the basis for detecting attempts to install Trojan software on networked systems. We identify the characteristics of typical attacks in terms of the impact they have on particular MIB objects, and propose a decision-tree based algorithm that can detect Trojan activity. We assess the likely effectiveness of this system, with particular reference to the need for such information to be gathered in a timely manner.
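The abstract describes the approach only at a high level: poll MIB objects, look at how attack activity moves them, and run a decision tree over the result. The block below is an added illustration written for this page, not code from the paper, and it does not reproduce the authors' tree or thresholds. The MIB-II object names (tcpActiveOpens, tcpPassiveOpens, tcpAttemptFails, tcpCurrEstab) are real RFC 1213 objects, but the thresholds, the tree structure and the snapshot data are assumptions constructed here. It also shows the timeliness point from the abstract: the same burst that a 30-second poll flags is averaged away when the poller only samples every 90 seconds.

```python
# Added example (not the paper's algorithm): a toy decision-tree detector
# over polled SNMP MIB-II counters. Object names are real RFC 1213 objects;
# thresholds, tree and sample data are assumptions for illustration.

FIELDS = ("t", "tcpPassiveOpens", "tcpCurrEstab", "tcpActiveOpens", "tcpAttemptFails")
COUNTERS = ("tcpPassiveOpens", "tcpActiveOpens", "tcpAttemptFails")  # Counter32: cumulative
GAUGES = ("tcpCurrEstab",)                                            # Gauge32: instantaneous

# Constructed snapshots, one per 30-second poll of the monitored host.
# Counters are running totals, so an interval's activity is the difference
# between consecutive rows. The t=120 row contains a burst of outbound
# connection attempts, most of which fail, as an outward-scanning Trojan would cause.
SNAPSHOTS = [
    (0,   20, 3, 100,   2),
    (30,  21, 3, 105,   2),
    (60,  22, 3, 110,   3),
    (90,  23, 3, 115,   3),
    (120, 24, 9, 235, 113),   # burst: 120 active opens, 110 failures in 30 s
    (150, 25, 9, 245, 118),
    (180, 26, 3, 250, 118),
]

# Assumed thresholds. In practice these come from a per-host baseline.
ACTIVE_OPEN_RATE = 2.0    # outbound connection attempts per second
FAIL_RATE = 1.0           # failed attempts per second (scanning signature)
PASSIVE_OPEN_RATE = 0.5   # inbound accepts per second (new listener in use)
ESTAB_MAX = 8             # established TCP sessions on a lightly used host


def interval_rates(snapshots):
    """Convert cumulative counters into per-second rates for each polling interval."""
    rows = [dict(zip(FIELDS, s)) for s in snapshots]
    rates = []
    for prev, cur in zip(rows, rows[1:]):
        dt = cur["t"] - prev["t"]
        rate = {"t": cur["t"]}
        for name in COUNTERS:
            # Counter32 wraps at 2**32; take the difference modulo 2**32 so a
            # rollover is not misread as a negative rate. A counter reset on
            # reboot (detectable via sysUpTime) would still need separate handling.
            rate[name] = ((cur[name] - prev[name]) % (1 << 32)) / dt
        for name in GAUGES:
            rate[name] = cur[name]
        rates.append(rate)
    return rates


def classify(rate):
    """Decision tree over one interval's rates; each leaf is a verdict string."""
    if rate["tcpActiveOpens"] > ACTIVE_OPEN_RATE:
        if rate["tcpAttemptFails"] > FAIL_RATE:
            return "suspect: outbound scanning (many failed connection attempts)"
        return "suspect: unusual outbound connection burst"
    if rate["tcpPassiveOpens"] > PASSIVE_OPEN_RATE:
        return "suspect: unexpected inbound connections (possible backdoor listener)"
    if rate["tcpCurrEstab"] > ESTAB_MAX:
        return "suspect: abnormally many established sessions"
    return "normal"


def detect(snapshots, every=1):
    """Run the tree over the snapshots; `every` > 1 simulates a slower poller
    that only keeps every n-th snapshot, i.e. a longer polling interval."""
    return [(r["t"], classify(r)) for r in interval_rates(snapshots[::every])]


if __name__ == "__main__":
    print("30 s polling:")
    for t, verdict in detect(SNAPSHOTS):
        print(f"  t={t:4d}  {verdict}")
    print("90 s polling:")
    for t, verdict in detect(SNAPSHOTS, every=3):
        print(f"  t={t:4d}  {verdict}")
```

Running it with the 30-second snapshots flags the t=120 interval as scanning and the following interval for the elevated session count; with only every third snapshot kept (a 90-second poll) the burst is spread over a longer window, every rate falls below threshold, and nothing is reported. This is the trade-off the abstract points at: polling fewer objects less often is cheaper on the monitored host and the network, but each lengthening of the interval blunts the detector.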

Published in: Information, Communication and Automation Technologies, 2009. ICAT 2009. XXII International Symposium on

Date of Conference: 29-31 Oct. 2009