首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到20条相似文献,搜索用时 62 毫秒
1.
木马隐藏技术的研究与分析   总被引:1,自引:0,他引:1  
刘澜  高悦翔 《通信技术》2010,43(4):78-80
以WINDOWS系统环境为基础,分析了常见的木马隐藏技术及其特点,并给出了部分技术的实现原理。首先分析了单一木马程序的常见隐藏技术,然后根据Harold Thimbleby提出的木马模型和木马协同隐藏思想,提出了一种基于动态星型结构的木马协同隐藏模型,该模型展现了基于多木马结构的协同隐藏思想,通过采用代理方式通信,提高了各木马程序的隐蔽性和生存周期,增加了追查木马程序控制端地址的难度。  相似文献   

2.
当今流行的木马程序开始采用隐蔽通信技术绕过蜜罐系统的检测。首先介绍木马常用的隐蔽通信技术以及越来越流行的内核层Rootkit隐蔽通信技术,并讨论了现阶段客户端蜜罐对于恶意程序的检测方式。针对蜜罐网络通信检测机制的不足,提出了一种有效的改进方案,使用基于NDIS中间层驱动的网络数据检测技术来获取木马通信数据包。该方案能够有效检测基于网络驱动的Rootkit隐蔽通信,提取木马关键通信信息,以进行对木马行为的跟踪和分析。  相似文献   

3.
内核级木马隐藏技术研究与实践   总被引:9,自引:0,他引:9  
文章通过对现有Linux下的内核级木马的隐藏和检测技术的分析研究,讨论了有关的隐藏和检测技术,并在此基础上实现了一个内核级木马。通过实验测试,该木马达到了较好的隐藏效果,可以避过目前大多数检测工具的检测。  相似文献   

4.
对当前主流的木马技术原理进行了深入的剖析,对主流木马的基本功能、隐藏机制和传播途径进行了研究,对主流木马使用的两种技术——API HOOK技术和SPI技术进行了细致地分析,根据新型木马实现隐藏的机制,提出了相关检测和清除的技术,探索出了一种新型木马的检测和清除方法。最后总结出了可以对新型木马实施清除的有效方法,实现了利用迭代比较法查杀木马的示例软件。  相似文献   

5.
基于API HOOK技术的特洛伊木马攻防研究   总被引:1,自引:0,他引:1  
文章首先对Windows下的API HOOK技术进行分析研究,并将该技术运用于特洛伊木马的属性隐藏中。然后在此基础上实现了一个基于API HOOK技术的内核级木马。通过实验测试,该木马达到了较好的隐藏效果,可以避开目前大多数检测工具的检测。最后,讨论了基于API HOOK技术的特洛伊木马的检测技术。  相似文献   

6.
木马的植入与隐藏技术分析   总被引:8,自引:1,他引:7  
论文首先介绍了木马的定义,概括了木马的特征——隐蔽性、欺骗性、自启动性和自动恢复性,并简单介绍了木马的结构和功能。随后,从缓冲区溢出、网站挂马、电子邮件、QQ传播等方面介绍了木马的植入技术,重点从通信隐藏、进程隐藏、文件隐藏三个方面介绍了木马的隐藏技术,最后展望了木马技术的发展趋势。  相似文献   

7.
内核级木马是黑客入侵系统后保留后门的重要技术。文章主要分析和讨论了目前Linux下的常见的内核级木马的隐藏方法及其检测原理,重点分析了基于符号执行的模块二进制木马分析方法。  相似文献   

8.
介绍网络隐蔽通道及其识别技术.在对网络隐蔽通道概念、原理和分类进行具体介绍的基础上,提出特征匹配、协议异常分析和行为异常分析三种隐蔽通道检测技术,并具体介绍了一个针对行为异常分析检测技术的典型应用.文中就网络隐蔽通道检测技术提出的三种手段相结合的思路具有较高的实用性和一定的创新性,已在实际应用中取得了较好的效果.  相似文献   

9.
Rootkit木马隐藏技术分析与检测技术综述   总被引:1,自引:0,他引:1  
对Rootkit技术和Windows操作系统内核工作流程作了简要介绍,对Rootkit木马的隐藏技术进行了分析,内容包括删除进程双向链表中的进程对象实现进程隐藏、SSDT表内核挂钩实现进程、文件和注册表键值隐藏和端口隐藏等Rootkit木马的隐藏机理,同时还对通过更改注册表和修改寄存器CR0的写保护位两种方式屏蔽WindowsXP和2003操作系统SSDT表只读属性的技术手段做了简要分析。最后对采用删除进程双项链表上的进程对象、更改内核执行路径和SSDT表内核调用挂钩3种Rootkit隐藏木马的检测技术作了概要性综述。  相似文献   

10.
在泛在网络环境下,隐蔽通道通过修改系统共享资源,绕开系统的安全策略传输隐蔽信息,给计算机和网络系统造成了严重的安全威胁。针对此问题,主要从度量、构建和检测3个方面对泛在网络环境下的隐蔽通道相关研究进行归纳和分析。首先,总结归纳了典型的隐蔽通道度量指标,包括隐蔽通道的容量、稳健性、抗检测性、规律性和形状。其次,归纳整理了隐蔽通道的构建方法,并从共享资源、容量、稳健性、抗检测性、优点和缺点6个方面对隐蔽通道构建技术进行了对比分析。再次,从隐蔽通道类型、准确率、是否能盲检、优点和缺点5个方面对比分析了隐蔽通道的检测技术。最后,总结了隐蔽通道的发展趋势并展望了未来研究方向。  相似文献   

11.
DUV lithography, using the 248 nm wavelength, is a viable manufacturing option for devices with features at 130 nm and less. Given the low kl value of the lithography, integrated process development is a necessary method for achieving acceptable process latitude. The application of assist features for rule based OPC requires the simultaneous optimization of the mask, illumination optics and the resist.Described in this paper are the details involved in optimizing each of these aspects for line and space imaging.A reference pitch is first chosen to determine how the optics will be set. The ideal sigma setting is determined by a simple geometrically derived expression. The inner and outer machine settings are determined, in turn,with the simulation of a figure of merit. The maximum value of the response surface of this FOM occurs at the optimal sigma settings. Experimental confirmation of this is shown in the paper.Assist features are used to modify the aerial image of the more isolated images on the mask. The effect that the diffraction of the scattering bars (SBs) has on the image intensity distribution is explained. Rules for determining the size and placement of SBs are also given.Resist is optimized for use with off-axis illumination and assist features. A general explanation of the material' s effect is discussed along with the affect on the through-pitch bias. The paper culminates with the showing of the lithographic results from the fully optimized system.  相似文献   

12.
This paper presents a new method to increase the waveguide coupling efficiency in hybrid silicon lasers. We find that the propagation constant of the InGaAsP emitting layer can be equal to that of the Si resonant layer through improving the design size of the InP waveguide. The coupling power achieves 42% of the total power in the hybrid lasers when the thickness of the bonding layer is 100 nm. Our result is very close to 50% of the total power reported by Intel when the thickness of the thin bonding layer is less than 5 nm. Therefore, our invariable coupling power technique is simpler than Intel's.  相似文献   

13.
Waveguide multilayer optical card (WMOC) is a novel storage device of three-dimensional optical information. An advanced readout system fitting for the WMOC is introduced in this paper. The hardware mainly consists of the light source for reading, WMOC, motorized stages addressing unit, microscope imaging unit, CCD detecting unit and PC controlling & processing unit. The movement of the precision motorized stage is controlled by the computer through Visual Basic (VB) language in software. A control panel is also designed to get the layer address and the page address through which the position of the motorized stages can be changed. The WMOC readout system is easy to manage and the readout result is directly displayed on computer monitor.  相似文献   

14.
The relation between the power of the Brillouin signal and the strain is one of the bases of the distributed fiber sensors of temperature and strain. The coefficient of the Bfillouin gain can be changed by the temperature and the strain that will affect the power of the Brillouin scattering. The relation between the change of the Brillouin gain coefficient and the strain is thought to be linear by many researchers. However, it is not always linear based on the theoretical analysis and numerical simulation. Therefore, errors will be caused if the relation between the change of the Brillouin gain coefficient and the strain is regarded as to be linear approximately for measuring the temperature and the strain. For this reason, the influence of the parameters on the Brillouin gain coefficient is proposed through theoretical analysis and numerical simulation.  相似文献   

15.
Today, micro-system technology and the development of new MEMS (Micro-Electro-Mechanical Systems) are emerging rapidly. In order for this development to become a success in the long run, measurement systems have to ensure product quality. Most often, MEMS have to be tested by means of functionality or destructive tests. One reason for this is that there are no suitable systems or sensing probes available which can be used for the measurement of quasi inaccessible features like small holes or cavities. We present a measurement system that could be used for these kinds of measurements. The system combines a fiber optical, miniaturized sensing probe with low-coherence interferometry, so that absolute distance measurements with nanometer accuracy are possible.  相似文献   

16.
The parallel thinning algorithm with two subiterations is improved in this paper. By analyzing the notions of connected components and passes, a conclusion is drawn that the number of passes and the number of eight-connected components are equal. Then the expression of the number of eight-connected components is obtained which replaces the old one in the algorithm. And a reserving condition is proposed by experiments, which alleviates the excess deletion where a diagonal line and a beeline intersect. The experimental results demonstrate that the thinned curve is almost located in the middle of the original curve connectivelv with single pixel width and the processing speed is high.  相似文献   

17.
From its emergence in the late 1980s as a lower cost alternative to early EEPROM technologies, flash memory has evolved to higher densities and speedsand rapidly growing acceptance in mobile applications.In the process, flash memory devices have placed increased test requirements on manufacturers. Today, as flash device test grows in importance in China, manufacturers face growing pressure for reduced cost-oftest, increased throughput and greater return on investment for test equipment. At the same time, the move to integrated flash packages for contactless smart card applications adds a significant further challenge to manufacturers seeking rapid, low-cost test.  相似文献   

18.
It is well known that adding more antennas at the transmitter or at the receiver may offer larger channel capacity in the multiple-input multiple-output(MIMO) communication systems. In this letter, a simple proof is presented for the fact that the channel capacity increases with an increase in the number of receiving antennas. The proof is based on the famous capacity formula of Foschini and Gans with matrix theory.  相似文献   

19.
In order to diagnose the laser-produced plasmas, a focusing curved crystal spectrometer has been developed for measuring the X-ray lines radiated from a laser-produced plasmas. The design is based on the fact that the ray emitted from a source located at one focus of an ellipse will converge on the other focus by the reflection of the elliptical surface. The focal length and the eccentricity of the ellipse are 1350 mm and 0.9586, respectively. The spectrometer can be used to measure the X- ray lines in the wavelength range of 0.2-0.37 nm, and a LiF crystal (200) (2d = 0.4027 nm) is used as dispersive element covering Bragg angle from 30° to 67.5°. The spectrometer was tested on Shengnang- Ⅱ which can deliver laser energy of 60-80 J/pulse and the laser wavelength is 0.35 μm. Photographs of spectra including the 1 s2p ^1P1-1s^2 ^1S0 resonance line(w), the 1s2p ^3P2-1s^2 1S0 magnetic quadrupole line(x), the 1s2p ^3P1-1 s^2 ^1S0 intercombination lines(y), the 1 s2p ^3S~1-1 s^2 ^1S0 forbidden line(z) in helium-like Ti Ⅹ Ⅺ and the 1 s2s2p ^2P3/2-1 s622s ^2S1/2 line(q) in lithium-like Ti Ⅹ Ⅹhave been recorded with a X-ray CCD camera. The experimental result shows that the wavelength resolution(λ/△ 2) is above 1000 and the elliptical crystal spectrometer is suitable for X-ray spectroscopy.  相似文献   

20.
High purity organic-tantalum precursors for thin film ALD TaN were synthesized and characterized.Vapor pressure and thermal stability of these precursors were studied.From the vapor pressure analysis,it was found that TBTEMT has a higher vapor pressure than any other published liquid TaN precursor,including TBTDET,TAITMATA,and IPTDET.Thermal stability of the alkyl groups on the precursors was investigated using a 1H NMR technique.The results indicated that the tertbutylimino group is the most stable group on TBTDET and TBTEMT as compared to the dialkylamido groups.Thermal stability of TaN precursors decreased in the following order:TBTDET > PDMAT > TBTEMT.In conclusion,precursor vapor pressure and thermal stability were tuned by making slight variations in the ligand sphere around the metal center.  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号