Abstract
We present a two-layer backdoor detection system in the article. In the first-layer, Zhang and Paxson's method is applied to identify keystroke interactive connection from network traffic. In the second-layer, we adopt the Dynamic Link Library (DLL) injection technique to record all DLLs employed by the programme that evokes such interactive connection. Compared the recorded data with some pre-defined Common Feature Tables, the second-layer can then determine whether the monitored programme is a backdoor. By experiments, the best result of our system got 94.44% detection rate while False Positive was zero. In the case, the overall accuracy was 97.22%.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
