| 通过进程监视检测木马攻击 |
| |
| 引用本文: | 陈桂清,伍乃骐,滕少华. 通过进程监视检测木马攻击[J]. 计算机应用, 2003, 23(11): 130-133 |
| |
| 作者姓名: | 陈桂清 伍乃骐 滕少华 |
| |
| 作者单位: | 广东工业大学,机电工程学院,广东,广州,510090 |
| |
| 基金项目: | 广东省自然科学基金团队项目 (2 0 0 0 3 0 51 ) |
| |
| 摘 要: | 文中提出与实现了一种新的木马检测方法,该方法通过监视计算机对外通信的端口来跟踪与其关联进程的操作行为,并结合了一些已知木马的特征,从而达到有效地检测一些已知和未知的木马。
|
| 关 键 词: | 网络攻击 信息安全 木马检测 |
| 文章编号: | 1001-9081(2003)11-0130-04 |
| 修稿时间: | 2003-05-27 |
Trojan Horse Detection by Process Tracing |
| |
| Abstract: | In this Paper, a new technique for Trojan horse detection is proposed. Using this technique, the communication ports are monitored and the corresponding processes are traced,moreover, some features of known Trojan horses are merged. It can detect not only known Trojan horses, but also unknown Trojans. |
| |
| Keywords: | network intrusion information assurance trojan horse detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
