Title: A dynamic backdoor detection system based on Dynamic Link Libraries

Authors: Shi-Jinn Horng, Ming-Yang Su, Ja-Ga Tsai

Addresses: Department of Computer Science and Information Engineering, Taiwan Information Security Center (TWISC), National Taiwan University of Science and Technology, No 43, Sec.4, Keelung Road, Taipei 10617, Taiwan; Department of Electronic Engineering, National United University, Miaoli, Taiwan. Department of Computer Science and Information Engineering, Ming Chuan University, No 5 Teh Ming Road, Gwei Shan District, Taoyuan 333, Taiwan. Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, No 43, Sec.4, Keelung Road, Taipei 10617, Taiwan

Abstract: We present a two-layer backdoor detection system in the article. In the first layer, Zhang and Paxson's method is applied to identify keystroke interactive connections from network traffic. In the second layer, we adopt the Dynamic Link Library (DLL) injection technique to record all DLLs employed by the programme that evokes such an interactive connection. By comparing the recorded data with some pre-defined Common Feature Tables, the second layer can then determine whether the monitored programme is a backdoor. In experiments, the best result of our system was a 94.44% detection rate with zero False Positives. In that case, the overall accuracy was 97.22%.

Keywords: backdoor detection systems; backdoor programmes; DLL; dynamic link libraries; DLL injection; electronic commerce; e-commerce; internet security; keystroke interactive connections.

DOI: 10.1504/IJBSR.2008.020577

International Journal of Business and Systems Research, 2008 Vol.2 No.3, pp.244 - 257

Published online: 30 Sep 2008
