Binary Trojan Detection
Document Last Updated (2024/12/12)
The Binary Trojan Detection feature of UHIDS Host Intrusion Detection is independently developed and uses several detection methods, including code analysis, data flow analysis, and abnormal network traffic analysis. Combined with cloud big data analysis and static rule-based detection systems, it can detect stealthy and destructive binary trojan viruses.
Detection Principle
UHIDS Host Intrusion Detection checks the processes on the server, using static rules and the cloud virus database to determine whether a process or file is a trojan. If it is, an alert is triggered.
Detection Cycle
- The plugin will perform an immediate scan upon startup by default.
- It will scan every 2 hours by default.
- After a risk is cleared, the risk will be re-checked within 2 hours. If it is found to be fixed, the alert will be automatically deleted.
Detection Items
Detection Item | Description |
---|---|
Mining | Supports detection of binary trojan viruses related to cryptocurrency mining |
Ransomware | Supports detection of ransomware encryption trojan viruses |
DDoS | Supports detection of binary trojan viruses related to DDoS attacks |
Remote Control | Supports detection of remote control binary trojan viruses |