特洛伊木马隐蔽性研究

从木马原理出发,分析了几种木马隐藏方法,并对各自优缺点做了简要评论.     

木马程序的基因检测方法探讨

借鉴生物的基因机制,从木马程序的基因片段入手,来探究检测和查杀木马程序的方法.     

Constructing formal verification models for hardware Trojans

The effectiveness of hardware security verification is affected by the way of constructing formal verification models.To solve this problem,this paper proposes a method which can automatically construct formal verification models for hardware Trojans detection.First,the method traverses the control flow graphs of the register transfer level design to extract the path conditions of assignment statements and the corresponding expressions.The constraint relations of the Kripke’ state transition are generated based on the path conditions and the expressions.Second,the constraint relations of the Verilog grammar are transformed to the grammar of the model checker and generate the formal verification models.Finally,a model checker verifies the models and detects the hardware Trojans when a predefined specification is verified as false.In experiments,the hardware Trojans in the Trust-HUB benchmarks are detected,which shows that the models constructed by our method can effectively detect hardware Trojans in register transfer level design.     

Empirical Evaluation of Information Leakage Detection Using Net-flow Analysis

Because of the widespread of Trojans,organizations and Internet users become more vulnerable to the threat of information leakage.This paper describes an information leakage detection system（ ILDS） to detect sensitive information leakage caused by Trojan.In particular,the principles of the system are based on the analysis of net-flows in four perspectives： heartbeat behavior analysis,DNS abnormal analysis,uploaddownload ratio and content analysis.Heartbeat behavior analysis and DNS abnormal analysis are used to detect the existence of Trojans while upload-download ratio and content analysis can quickly detect when the information leakage happens.Experiments indicate that the system is reliable and efficient in detecting information leakage.The system can also help to collect and preserve digital evidence when information leakage incident occurs.     

特洛伊木马程序隐藏技术分析

首先介绍了特洛伊木马程序的一些概念，然后重点分析了木马程序的隐藏技术和常见的隐藏方式。     

浅谈木马文件特征码的定位

分析了木马文件特征码的手动和自动定位原理,介绍了借助特征码定位器实现木马文件特征码定位的两种方法。通过对两种方法特点的比较和分析得出结论:手动定位和自动定位配合使用,可以快速、准确地实现木马文件特征码的定位。     

改进边界Fisher分析近邻选择的硬件木马检测

针对旁路分析技术对小规模硬件木马检测精度低的问题,提出基于边界Fisher分析的硬件木马检测方法.定义规则式选择近邻样本,以减小样本与其同类近邻样本间距离和增大样本与其异类近邻样本间距离的方式构建投影子空间,在不对数据分布作任何假设的前提下,提取原始功耗旁路信号中的差异特征,实现硬件木马检测. AES加密电路中的硬件木马检测实验表明,该方法能够检测出占原始电路规模0.02%的硬件木马,优于已有的检测方法.     

"木马"病毒的分析、检测与防治

讨论对计算机安全危害极大的“木马”病毒的工作原理。从启动方式、通信方式和传播方式多方面进行了探讨，并对检测、清除和预防“木马”病毒提出了可行的方法。     

基于加权参数马氏距离的硬件木马检测

针对常规马氏距离判别方法对硬件木马检测率低下或失效的情况,通过对芯片运行时产生的功耗特征进行建模分析,提出了一种基于加权与双参数变换的优化判别方案.首先对标准与待测样本矩阵进行参数调整并在判别公式中加入样本矩阵特征向量权重,运用MATLAB实现参数的最优组合,最后在置信度99％的条件下计算待测样本的硬件木马检测率.对待测FPGA植入占比0.3％的硬件木马,并通过FPGA硬件木马检测平台验证表明,在常规马氏距离判别方法检测率只有43.56％的情况下,该方法检测率达到了85.14％.     

功能原子化的自适应木马模型研究

针对当前木马普遍缺乏智能和适应性的问题,提出了一种功能原子化的自适应木马模型,给出了详细工作机制和实现方案,并提出了解决木马原子选择和组合等关键问题的相应算法.最后通过实例表明,该木马模型有较强的通用性、扩展性和健壮性.该模型具有功能原子化、目标个性化和系统智能化的特点,有效提高了木马对反木马软件的免疫性能,延长了木马的生存周期.