資源描述:
《基于進(jìn)程和通信隱藏的木馬設(shè)計(jì)與實(shí)現(xiàn)論文》由會(huì)員上傳分享,免費(fèi)在線閱讀,更多相關(guān)內(nèi)容在學(xué)術(shù)論文-天天文庫(kù)。
1、分基于進(jìn)程和通信隱藏的木馬設(shè)計(jì)與實(shí)現(xiàn)論文作者姓名:申請(qǐng)學(xué)位專(zhuān)業(yè):申請(qǐng)學(xué)位類(lèi)別:指導(dǎo)教師姓名(職稱(chēng)):論文提交日期:第22頁(yè)共23頁(yè)基于進(jìn)程和通信隱藏的木馬設(shè)計(jì)與實(shí)現(xiàn)摘要近年來(lái),特洛伊木馬等惡意代碼己經(jīng)成為網(wǎng)絡(luò)安全的重要威脅。很多國(guó)家都采取積極的網(wǎng)絡(luò)安全防御措施,投入大量的人力和物力研究網(wǎng)絡(luò)信息安全技術(shù)。文章首先分析了傳統(tǒng)木馬的一般工作原理及其植入、加載、隱藏等關(guān)鍵技術(shù)。隨著網(wǎng)絡(luò)技術(shù)的不斷更新和發(fā)展,木馬技術(shù)也在不斷地更新?lián)Q代,現(xiàn)代木馬的進(jìn)程隱藏和通信隱藏等等都發(fā)生了變化。進(jìn)程的隱藏和通信的隱藏一直是木馬
2、程序設(shè)計(jì)者不斷探求的重要技術(shù)。攻擊者為達(dá)到進(jìn)程隱藏的目的,采用遠(yuǎn)程線程和動(dòng)態(tài)鏈接庫(kù),將木馬作為線程隱藏在其他進(jìn)程中。選用一般安全策略都允許的端口通信,如80端口,則可輕易穿透防火墻和避過(guò)入侵檢測(cè)系統(tǒng)等安全機(jī)制的檢測(cè),從而具有很強(qiáng)的隱蔽性。本文研究了如何將Windows環(huán)境下的動(dòng)態(tài)鏈接庫(kù)(DLL)技術(shù)與遠(yuǎn)程線程插入技術(shù)結(jié)合起來(lái)實(shí)現(xiàn)特洛伊木馬植入的新方案。在該方案中,提出了特洛伊木馬程序DLL模塊化,并且創(chuàng)建了獨(dú)立的特洛伊木馬植入應(yīng)用程序,將木馬程序的DLL模塊植入宿主進(jìn)程。實(shí)驗(yàn)結(jié)果證明該方案能實(shí)現(xiàn)的木馬植
3、入,具有很好的隱蔽性和靈活性。關(guān)鍵詞:特洛伊木馬;動(dòng)態(tài)連接庫(kù);進(jìn)程插入;遠(yuǎn)程線程第22頁(yè)共23頁(yè)TheDesignandImplementationofTrojanHorsesBaseonProcessHidingandCommunicationsHidingAbstractInrecentyears,maliciouscodesincludingTrojanhavethreatenednetworkinformationsecurity,andmoreandmorecountriespaidatten
4、tiontotakeactivemeasurestoprotectthenetwork,andspentalotinresearchtodevelopnetworkinformationsecuritytechnologymentallyandmaterially.Thispaperfirstlyanalysesthebasicprinciple,entrytechnology,loadtechnologyandhidingtechnologyoftraditionalTrojanhorse.Witht
5、hedevelopmentofnetworktechnology,Trojanhorsetechnologyisupgradingconstantly.ModernTrojanhorseischangedinprocesshidingandcommunicationhiding.TheprocesshidingandcommunicationshidingareimportanttechnologybeingexploredbyTrojanhorseprogrammersalllong.Adopting
6、themeasureofdynamiclinkstorage,andRemoteThreadtechnology,andhidingTrojanhorsebehindtheotherprocessesasathreadprogram,itiseasytohide.Choosingtheportcorrespondencewhichispermittedbyalmostalltheordinarysecuritypolicy,likes80port,mayeasilypenetratethefirewal
7、landavoidtheexamineofsecuritysystemsasinvasion-checkingmechanismsandsoon.Thus,ithasaverystrongcovered.ThispaperisimplementedtheinjectionofTrojanhorsebycombiningthetechnologyofDLL(dynamiclinkinglibrary)andofremotethreadinjectionontheWindowsplatform.Inthis
8、paper,modularizationofTrojanhorseprocessisproposedtocreateanindependentTrojanhorseinjectionprocess,thus,toinjectTrojanhorseDLLmoduletothehostprocess.ExperimentalresultsshowthattheprogramcouldrealizetheTrojaninjectedwithgoo