資源描述:
《基于進(jìn)程和通信隱藏的木馬設(shè)計(jì)與實(shí)現(xiàn)論文》由會(huì)員上傳分享��,免費(fèi)在線閱讀���,更多相關(guān)內(nèi)容在學(xué)術(shù)論文-天天文庫。
1��、分基于進(jìn)程和通信隱藏的木馬設(shè)計(jì)與實(shí)現(xiàn)論文作者姓名:申請(qǐng)學(xué)位專業(yè):申請(qǐng)學(xué)位類別:指導(dǎo)教師姓名(職稱):論文提交日期:第22頁共23頁基于進(jìn)程和通信隱藏的木馬設(shè)計(jì)與實(shí)現(xiàn)摘要近年來�����,特洛伊木馬等惡意代碼己經(jīng)成為網(wǎng)絡(luò)安全的重要威脅��。很多國家都采取積極的網(wǎng)絡(luò)安全防御措施,投入大量的人力和物力研究網(wǎng)絡(luò)信息安全技術(shù)�����。文章首先分析了傳統(tǒng)木馬的一般工作原理及其植入�����、加載、隱藏等關(guān)鍵技術(shù)����。隨著網(wǎng)絡(luò)技術(shù)的不斷更新和發(fā)展,木馬技術(shù)也在不斷地更新?lián)Q代,現(xiàn)代木馬的進(jìn)程隱藏和通信隱藏等等都發(fā)生了變化���。進(jìn)程的隱藏和通信的隱藏一直是木馬
2���、程序設(shè)計(jì)者不斷探求的重要技術(shù)。攻擊者為達(dá)到進(jìn)程隱藏的目的��,采用遠(yuǎn)程線程和動(dòng)態(tài)鏈接庫�����,將木馬作為線程隱藏在其他進(jìn)程中�。選用一般安全策略都允許的端口通信,如80端口,則可輕易穿透防火墻和避過入侵檢測系統(tǒng)等安全機(jī)制的檢測,從而具有很強(qiáng)的隱蔽性����。本文研究了如何將Windows環(huán)境下的動(dòng)態(tài)鏈接庫(DLL)技術(shù)與遠(yuǎn)程線程插入技術(shù)結(jié)合起來實(shí)現(xiàn)特洛伊木馬植入的新方案。在該方案中�����,提出了特洛伊木馬程序DLL模塊化,并且創(chuàng)建了獨(dú)立的特洛伊木馬植入應(yīng)用程序,將木馬程序的DLL模塊植入宿主進(jìn)程����。實(shí)驗(yàn)結(jié)果證明該方案能實(shí)現(xiàn)的木馬植
3���、入����,具有很好的隱蔽性和靈活性��。關(guān)鍵詞:特洛伊木馬�����;動(dòng)態(tài)連接庫���;進(jìn)程插入�����;遠(yuǎn)程線程第22頁共23頁TheDesignandImplementationofTrojanHorsesBaseonProcessHidingandCommunicationsHidingAbstractInrecentyears,maliciouscodesincludingTrojanhavethreatenednetworkinformationsecurity,andmoreandmorecountriespaidatten
4�����、tiontotakeactivemeasurestoprotectthenetwork,andspentalotinresearchtodevelopnetworkinformationsecuritytechnologymentallyandmaterially.Thispaperfirstlyanalysesthebasicprinciple,entrytechnology,loadtechnologyandhidingtechnologyoftraditionalTrojanhorse.Witht
5��、hedevelopmentofnetworktechnology,Trojanhorsetechnologyisupgradingconstantly.ModernTrojanhorseischangedinprocesshidingandcommunicationhiding.TheprocesshidingandcommunicationshidingareimportanttechnologybeingexploredbyTrojanhorseprogrammersalllong.Adopting
6�、themeasureofdynamiclinkstorage,andRemoteThreadtechnology,andhidingTrojanhorsebehindtheotherprocessesasathreadprogram,itiseasytohide.Choosingtheportcorrespondencewhichispermittedbyalmostalltheordinarysecuritypolicy,likes80port,mayeasilypenetratethefirewal
7、landavoidtheexamineofsecuritysystemsasinvasion-checkingmechanismsandsoon.Thus,ithasaverystrongcovered.ThispaperisimplementedtheinjectionofTrojanhorsebycombiningthetechnologyofDLL(dynamiclinkinglibrary)andofremotethreadinjectionontheWindowsplatform.Inthis
8�����、paper,modularizationofTrojanhorseprocessisproposedtocreateanindependentTrojanhorseinjectionprocess,thus,toinjectTrojanhorseDLLmoduletothehostprocess.ExperimentalresultsshowthattheprogramcouldrealizetheTrojaninjectedwithgoo
