| 基于模拟加载法的DLL木马检测模型设计* |
| |
| 引用本文: | 钟明全,唐彰国,李焕洲,张健. 基于模拟加载法的DLL木马检测模型设计*[J]. 计算机应用研究, 2011, 28(10): 3790-3792. DOI: 10.3969/j.issn.1001-3695.2011.10.050 |
| |
| 作者姓名: | 钟明全 唐彰国 李焕洲 张健 |
| |
| 作者单位: | 四川师范大学网络与通信技术研究所,成都,610066 |
| |
| 基金项目: | 四川省应用基础研究项目(07JY029-011);四川省教育厅项目(08ZA043) |
| |
| 摘 要: | 针对DLL木马不能直接运行的特性和高隐蔽性带来的检测难度,设计了一个基于模拟加载技术的DLL木马检测模型,并基于该模型实现了一个DLL木马检测系统。介绍了检测系统的总体结构图,阐述了检测系统的模块架构,给出了特征信息库的建立流程,详细分析了检测系统的关键技术。实验结果表明,基于模拟加载法的DLL木马检测系统能够快速判定被检测文件的危险等级,可以有效降低漏报率。
|
| 关 键 词: | DLL木马; 模拟加载; 动态嵌入; 行为分析; 漏报率 |
Design of detection model for DLL-Trojan based on method of simulation loading |
| |
| ZHONG Ming-quan,TANG Zhang-guo,LI Huan-zhou,ZHANG Jian. Design of detection model for DLL-Trojan based on method of simulation loading[J]. Application Research of Computers, 2011, 28(10): 3790-3792. DOI: 10.3969/j.issn.1001-3695.2011.10.050 |
| |
| Authors: | ZHONG Ming-quan TANG Zhang-guo LI Huan-zhou ZHANG Jian |
| |
| Affiliation: | (Institute of Computer Network & Communication Technology, Sichuan Normal University, Chengdu 610066, China) |
| |
| Abstract: | In allusion to detection difficulty caused by speciality that DLL-Trojan can't be executed directly and feature of high concealment,this paper designed a detection model of DLL-Trojan based on technology of simulation loading,and rea-lized detection system of DLL-Trojan based on it.It introduced general structure diagram of detection system in brief,explained module framework of detection system,gave flow chart to constitute characteristic information library,and analyzed critical technology of detection sy... |
| |
| Keywords: | DLL-Trojan simulation loading dynamic embedding behavior analysis unreported rate |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
