| 基于行为检测的窃密型木马检测研究 |
| |
| 引用本文: | 马立军.基于行为检测的窃密型木马检测研究[J].广西民族学院学报(自然科学版),2014(2):70-74. |
| |
| 作者姓名: | 马立军 |
| |
| 作者单位: | 柳州职业技术学院电子信息工程系,广西柳州545006 |
| |
| 基金项目: | 广西哲学社会科学课题“基于物联网技术的图书馆服务模式研究”(11BTQ001). |
| |
| 摘 要: | 针对窃密型木马伪装技术不断发展,窃密型木马检测难度越来越高的现状,提出基于行为检测的窃密型木马检测方案.通过对常见窃密型木马通信机制建模分析,构建窃密型木马的几种通信模式.为了提高窃密型木马检测精度,以窃密型木马通信行为特征,设计了基于完整会话的窃密型木马检测方案.通过对500组实验数据测试表明,笔者设计的窃密型木马检测方案漏检率为6.8%,误报率为2.7%,优于传统的木马检测方案.
|
| 关 键 词: | 行为检测 窃密型 木马 通信模式 会话 |
Detection Research on Behavior-based Detection of Theft-type Trojan |
| |
| MA Li-jun.Detection Research on Behavior-based Detection of Theft-type Trojan[J].Journal of Guangxi University For Nationalities(Natural Science Edition),2014(2):70-74. |
| |
| Authors: | MA Li-jun |
| |
| Institution: | MA Li-jun (Department of Electronic Information Engineering, Liuzhou Vocational & Technical College, Liuzhou 545006,China) |
| |
| Abstract: | As the ceaseless development of theft-type Trojan camouflage technology, it is increasing difficult to detect it at present, this paper put forwarded a detection program based on behavior detection. By modeling analysis to common theft Trojan communication mechanism, several communication modes have been set up. Characterized by Theft Trojan communication behaviors, the program was designed to improve the theft Trojan detection accuracy, which based on the full session. By testing 500 set of experimental data, it showed that the undetected rate of the theft-type Trojan detection program designed this paper was 6.8% ; the false alarm rate was 2.7%, which was better than the traditional Trojan detection program. |
| |
| Keywords: | behavior detection theft-type Trojan communication mode session |
| 本文献已被 维普 等数据库收录! |
|
