To address two problems of traditional theft-Trojan detection, the difficulty of maintaining a signature database and the inability to detect unknown Trojans, this paper analyzes the communication process of theft Trojans and extracts several network behavior features as the basis for detection. Building on the traditional single-classifier detection system, base classifiers are constructed from several classification algorithms with large mutual diversity, and a theft-Trojan network behavior detection model based on the AdaBoost algorithm is proposed. Experimental results show that the model detects common theft Trojans well.
Theft Trojans are among the most serious threats to network security. Most traditional detection methods suffer from limitations: it is difficult to maintain the signature database, and they are unable to discover new Trojans. We analyze the communication process of several theft Trojans and extract network behavior characteristics for detection. Starting from a single-classifier detection system, an ensemble classifier is constructed from several different classification algorithms. Finally, we propose a detection model for theft-Trojan network behavior based on the AdaBoost algorithm. The experimental results show that the model is able to discover a variety of theft Trojans with a low false-positive rate.
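The abstract does not list the extracted features or the base algorithms, so the following is an added illustration and not code from the paper: a binary AdaBoost whose base classifier in each round is chosen from two deliberately different algorithms (a one-feature decision stump and a nearest-centroid rule), trained on a handful of constructed flow records with two hypothetical behavior features (upload share of the session's bytes and regularity of the connection interval). The feature definitions, the two base algorithms and every sample flow are assumptions made for the demonstration. It shows the mechanism the abstract relies on: neither base algorithm alone separates the upload-heavy backup job from the bulk-exfiltration flow, or the regular update poller from the low-volume beacon, but the reweighting after each round pushes the next learner onto exactly those flows and the weighted vote separates all of them.

```python
import math

# Constructed training flows (hypothetical examples, not the paper's data set).
# Each row is ((upload_share, beacon_cv), label):
#   upload_share: fraction of the session's bytes sent by the monitored host
#   beacon_cv:    coefficient of variation of the inter-connection interval
#                 (small = the regular "heartbeat" typical of C2 beaconing)
#   label:        +1 = theft-Trojan session, -1 = benign session
TRAIN = [
    ((0.90, 0.05), +1),  # exfiltration over a regular beacon
    ((0.80, 0.10), +1),
    ((0.40, 0.05), +1),  # low volume, but very regular check-ins
    ((0.95, 0.70), +1),  # bulk upload with irregular timing
    ((0.15, 0.80), -1),  # ordinary browsing
    ((0.20, 0.60), -1),
    ((0.85, 0.90), -1),  # upload-heavy but irregular, e.g. a backup job
    ((0.30, 0.10), -1),  # regular low-volume poller, e.g. an update check
]


def weighted_error(h, X, y, w):
    """Weighted 0/1 loss of base classifier h under sample weights w."""
    return sum(wi for x, yi, wi in zip(X, y, w) if h.predict(x) != yi)


class Stump:
    """Base algorithm 1: a one-feature threshold rule (decision stump)."""
    def __init__(self, feature, threshold, polarity):
        self.feature, self.threshold, self.polarity = feature, threshold, polarity

    def predict(self, x):
        return self.polarity if x[self.feature] > self.threshold else -self.polarity


def fit_stump(X, y, w):
    """Exhaustive search over features, midpoint thresholds and both polarities."""
    best, best_err = None, float("inf")
    for f in range(len(X[0])):
        vals = sorted({x[f] for x in X})
        for a, b in zip(vals, vals[1:]):
            for polarity in (+1, -1):
                h = Stump(f, (a + b) / 2, polarity)
                err = weighted_error(h, X, y, w)
                if err < best_err:
                    best, best_err = h, err
    return best, best_err


class NearestCentroid:
    """Base algorithm 2: nearest weighted class centroid (squared Euclidean)."""
    def __init__(self, pos, neg):
        self.pos, self.neg = pos, neg

    def predict(self, x):
        d_pos = sum((a - b) ** 2 for a, b in zip(x, self.pos))
        d_neg = sum((a - b) ** 2 for a, b in zip(x, self.neg))
        return +1 if d_pos < d_neg else -1


def fit_centroid(X, y, w):
    def wmean(label):  # weighted mean of one class under the current weights
        rows = [(x, wi) for x, yi, wi in zip(X, y, w) if yi == label]
        total = sum(wi for _, wi in rows)
        return tuple(sum(x[j] * wi for x, wi in rows) / total for j in range(len(X[0])))
    h = NearestCentroid(wmean(+1), wmean(-1))
    return h, weighted_error(h, X, y, w)


class AdaBoost:
    """Binary AdaBoost; each round picks the best of several base algorithms."""
    def __init__(self, learners=(fit_centroid, fit_stump)):
        self.learners = learners
        self.models, self.alphas = [], []

    def fit(self, X, y, n_rounds=10):
        w = [1.0 / len(X)] * len(X)
        for _ in range(n_rounds):
            # Train every base algorithm on the current weights; keep the most accurate.
            h, err = min((fit(X, y, w) for fit in self.learners), key=lambda p: p[1])
            err = min(max(err, 1e-12), 1 - 1e-12)  # keep log() finite
            alpha = 0.5 * math.log((1 - err) / err)
            self.models.append(h)
            self.alphas.append(alpha)
            # Misclassified flows gain weight so the next learner concentrates on them.
            w = [wi * math.exp(-alpha * yi * h.predict(x)) for x, yi, wi in zip(X, y, w)]
            z = sum(w)
            w = [wi / z for wi in w]
            if self.training_error(X, y) == 0.0:  # stop once the vote fits the data
                break
        return self

    def score(self, x):
        return sum(a * h.predict(x) for a, h in zip(self.alphas, self.models))

    def predict(self, x):
        return +1 if self.score(x) > 0 else -1

    def training_error(self, X, y):
        return sum(self.predict(x) != yi for x, yi in zip(X, y)) / len(X)


def train_demo():
    X = [x for x, _ in TRAIN]
    y = [label for _, label in TRAIN]
    return AdaBoost().fit(X, y)


if __name__ == "__main__":
    model = train_demo()
    for h, a in zip(model.models, model.alphas):
        print(f"{type(h).__name__:16s} vote weight={a:.3f}")
    for flow in [(0.88, 0.08), (0.10, 0.90)]:
        print(flow, "->", "trojan" if model.predict(flow) == 1 else "benign")
```

On these constructed flows the first round selects the centroid rule (it misses the update poller), the second and third rounds select stumps on the upload share, and after three rounds the weighted vote classifies every training flow correctly although no single base classifier does. The choice of base algorithms with different inductive biases is what makes the rounds complementary; two copies of the same algorithm would keep making correlated mistakes.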