| 基于NdisHook的木马隐蔽信道模型 |
| |
| 引用本文: | 宋志刚,郭林. 基于NdisHook的木马隐蔽信道模型[J]. 计算机工程与设计, 2007, 28(15): 3573-3576 |
| |
| 作者姓名: | 宋志刚 郭林 |
| |
| 作者单位: | 南京大学,计算机科学与技术系,江苏,南京,210093;南京大学,计算机科学与技术系,江苏,南京,210093 |
| |
| 基金项目: | 江苏省高技术研究发展计划项目 |
| |
| 摘 要: | 木马攻击行为的实施依赖于稳定可靠的隐蔽信道,隐蔽信道的核心是有效地躲避主机防火墙系统拦截.提出了基于NdisHook的木马隐蔽信道模型,克服了传统信道技术对防火墙规则的依赖,通过实验验证了该信道穿透主机防火墙的可靠性和有效性.给出了针对基于NdisHook的木马隐蔽信道的检测方法.
|
| 关 键 词: | NdisHook技术 防火墙规则 特洛伊木马 隐蔽信道 模型 检测 |
| 文章编号: | 1000-7024(2007)15-3573-04 |
| 修稿时间: | 2006-08-06 |
Model of Trojan's covert channel based on NdisHook |
| |
| SONG Zhi-gang,GUO Lin. Model of Trojan's covert channel based on NdisHook[J]. Computer Engineering and Design, 2007, 28(15): 3573-3576 |
| |
| Authors: | SONG Zhi-gang GUO Lin |
| |
| Affiliation: | Department of Computer Science and Technology, Nanjing University, Nanjing 210093, China |
| |
| Abstract: | The attack intention of Trojan Horse is based on reliable covert channel.The core of covert channel is to evade the interception of host firewall.A model of Trojan Horse's covert channel based on NdisHook technology is put forward to avoid relier of the rules of host firewall.In the same time,the author validate the reliability of the model via experimentation to pass through host firewall.Finally some methods are presented to detect it. |
| |
| Keywords: | NdisHook technology firewall rules Trojan Horse covert channel model detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
