
Binary Trojan Detection

Document Last Updated (2024/12/12)


The Binary Trojan Detection feature of UHIDS Host Intrusion Detection is independently developed and uses several detection methods, including code analysis, data flow analysis, and abnormal network traffic analysis. Combined with cloud big data analysis and a static rule-based detection system, it can detect stealthy and destructive binary trojan viruses.

Detection Principle

UHIDS Host Intrusion Detection checks the processes running on the server, using static rules and the cloud virus database to determine whether a process or file is a trojan. If it is, an alert is triggered.

Detection Cycle

  • The plugin will perform an immediate scan upon startup by default.
  • It will scan every 2 hours by default.
  • After a risk is cleared, the risk will be re-checked within 2 hours. If it is found to be fixed, the alert will be automatically deleted.

Detection Items

| Detection Item | Description |
| --- | --- |
| Mining | Supports detection of binary trojan viruses related to cryptocurrency mining |
| Ransomware | Supports detection of ransomware encryption trojan viruses |
| DDoS | Supports detection of binary trojan viruses related to DDoS attacks |
| Remote Control | Supports detection of remote control binary trojan viruses |