| 基于客户端蜜罐的木马隐蔽通信检测 |
| |
| 引用本文: | 张臣,王轶骏,薛质.基于客户端蜜罐的木马隐蔽通信检测[J].信息安全与通信保密,2011(2):49-51. |
| |
| 作者姓名: | 张臣 王轶骏 薛质 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200240 |
| |
| 摘 要: | 当今流行的木马程序开始采用隐蔽通信技术绕过蜜罐系统的检测。首先介绍木马常用的隐蔽通信技术以及越来越流行的内核层Rootkit隐蔽通信技术,并讨论了现阶段客户端蜜罐对于恶意程序的检测方式。针对蜜罐网络通信检测机制的不足,提出了一种有效的改进方案,使用基于NDIS中间层驱动的网络数据检测技术来获取木马通信数据包。该方案能够有效检测基于网络驱动的Rootkit隐蔽通信,提取木马关键通信信息,以进行对木马行为的跟踪和分析。
|
| 关 键 词: | 客户端蜜罐 隐蔽通信 Rootkit 网络协议驱动 网络协议中间层驱动 |
Detection of Trojan Covert Communication based on Client Honeypot |
| |
| ZHANG Chen,WANG Yi-jun,XUE Zhi.Detection of Trojan Covert Communication based on Client Honeypot[J].China Information Security,2011(2):49-51. |
| |
| Authors: | ZHANG Chen WANG Yi-jun XUE Zhi |
| |
| Affiliation: | ZHANG Chen,WANG Yi-jun,XUE Zhi(Institute of Information Security Engineering,Shanghai Jiaotong University,Shanghai 200240,China) |
| |
| Abstract: | Today's popular Trojans begin to use covert communication technology and bypass the detection of honeypot system.This paper first describes the common Trojan covert communication technologies and the growing popular kernel layer Rootkit covert communication technology,then discusses the current client honeypot detecting methods for malware.Aiming at the deficiency of Honeypot detection mechanisms for network communication,an effective improvement scheme is proposed,By using network traffic detection technol... |
| |
| Keywords: | Rootkit |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
