| 基于虚拟机与API调用监控技术的APT木马取证研究 |
| |
| 引用本文: | 朱平,杜彦辉.基于虚拟机与API调用监控技术的APT木马取证研究[J].信息网络安全,2014(4):78-81. |
| |
| 作者姓名: | 朱平 杜彦辉 |
| |
| 作者单位: | 中国人民公安大学,北京100038 |
| |
| 摘 要: | APT(Advanced Persistent Threat)攻击通常由具有丰富经验的网络渗透组织或团队实施,具有持续时间长、技术性强、策略性高的特点,攻击中使用的APT木马变化无穷,常规杀毒软件难于检测,严重威胁了国家核心机构和重点部门的安全,同时也给电子数据取证带来了很大的挑战。文章提出了一种基于基于虚拟机与API调用监控技术的APT木马取证模型,可有效对APT木马的攻击行为进行取证。
|
| 关 键 词: | APT木马 虚拟机 API调用监控 电子数据取证 |
Research on APT-Trojan Forensics based on Virtual Machine and API Monitor |
| |
| ZHU Ping,DU Yan-hui.Research on APT-Trojan Forensics based on Virtual Machine and API Monitor[J].Netinfo Security,2014(4):78-81. |
| |
| Authors: | ZHU Ping DU Yan-hui |
| |
| Affiliation: | (People's Public Security University of China, Beijing 100038, China) |
| |
| Abstract: | APT attack is the most serious threat to national organization and corporation. Generally,it is controlled by a meticulouslydesigned organization and can hardly be detected. It has advanced,persistent andhigh strategy characteristics.This paper presents a module for APT-TrojanForensic,which is based on Virtual machineand API monitor. |
| |
| Keywords: | APT-Trojan virtual machine API monitor electronic forensic |
| 本文献已被 CNKI 维普 等数据库收录! |
