Conference Paper

Hunting Trojan Horses.

DOI: 10.1145/1181309.1181312 Conference: Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability, ASID 2006, San Jose, California, USA, October 21, 2006
Source: DBLP

ABSTRACT Abstract In this report we present HTH (Hunting Trojan Horses), a security framework for detecting Trojan Horses and Backdoors. The framework,is composed,of two main,parts: 1) Harrier – an application,security monitor,that performs,run-time monitoring to dynamically,collect execution-related data, and 2) Secpert – a security-specific Expert System based on CLIPS, which analyzes the events collected by Harrier. Our main,contributions,to the security research are three-fold. First we identify common malicious behaviors, patterns, and characteristics of Trojan Horses and Backdoors. Second we develop a security policy that can identify such malicious behavior and open the door for effectively using expert systems to implement complex security policies. Third, we construct a prototype,that successfully detects Trojan Horses and Backdoors. 1,Introduction Computer,attacks grew,at an alarming,rate in 2004 [26] and this rate is expected,to rise.

  • [Show abstract] [Hide abstract]
    ABSTRACT: This paper presents a proof of concept of a neural network Trojan. The neural network Trojan consists of a neural network that has been trained with a compromised dataset and modified code. The Trojan implementation is carried out by insertion of a malicious payload encoded into the weights alongside with the data of the intended application. The neural Trojan is specifically designed so that when a specific entry is fed into the trained neural network, it triggers the interpretation of the data as payload. The paper presents a background on which this attack is based and provides the assumptions that make the attack possible. Two embodiments of the attack are presented consisting of a basic backpropagation network and a Neural Network Trojan with Sequence Processing Connections (NNTSPC). The two alternatives are used depending on the underlying circumstances on which the compromise is launched. Experimental results are carried out with synthetic as well as a chosen existing binary payload. Practical issues of the attack are also discussed, as well as a discussion on detection techniques.
    Journal of Computer Security. 01/2013; 21.
  • [Show abstract] [Hide abstract]
    ABSTRACT: The focus of this paper will demonstrate the need to clearly define and segregate various user space environments in the enterprise network infrastructure with controls ranging from administrative to technical and still provide the various services needed to facilitate the work space environment and administrative requirements of an enterprise system. Standards assumed are industry practices and associated regulatory requirements with implementations as they apply to the various contextual applications. This is a high level approach to understanding the significance and application of an effective secure network infrastructure. The focus is on end user needs and the associated services to support those needs. Conceptually user space is a virtual area allocated to the end user needs identified with specific services to support those needs by creating a virtual playground. To manage risk, the concept of creating a "security threat gateway (STG)" isolates and secures each user space with its associated services. Emphasis will be placed on the functional managerial process and application of the STG, safeguarding one user space from another, to facilitate the use of the needed services to perform the operational tasks of the organization. When user's needs and associated components are clearly identified, then it is possible for anyone to use this model as a template, to guide them in creating an effective strategy for their own network security. This approach is practical in orientation and application, focusing on a high level perspective and assumes the reader already has a low level technical background for a tactical implementation in mitigating risk to the enterprise network infrastructure.

Full-text (5 Sources)

Available from
May 20, 2014