| 面向Windows环境进程主动动态度量方法 |
| |
| 引用本文: | 张建标,李志刚,刘国杰,王超,王玮. 面向Windows环境进程主动动态度量方法[J]. 山东大学学报(理学版), 2018, 53(7): 46-50. DOI: 10.6040/j.issn.1671-9352.2.2017.276 |
| |
| 作者姓名: | 张建标 李志刚 刘国杰 王超 王玮 |
| |
| 作者单位: | 1.北京工业大学信息学部, 北京 100124;2.可信计算北京市重点实验室, 北京 100124;3.信息安全等级保护关键技术国家工程实验室, 北京 100124 |
| |
| 基金项目: | 国家自然科学基金资助项目(61671030);北京市博士后工作经费资助项目(2017-22-030);CCF-启明星辰“鸿雁”科研资助计划项目(CCF-VenustechRP2017008) |
| |
| 摘 要: | 在对Windows用户层恶意行为分类研究的基础上,提出了一种面向Windows环境的进程可信度量方法。针对现有的可信度量基准值通过进程执行流获取时,不能免疫加载的挂钩攻击的问题,通过对比分析进程内存映像和可执行文件执行流的基准值,判断进程是否遭受恶意攻击,并自动修复被恶意程序篡改的内容,确保进程的正常执行。
|
| 关 键 词: | 可信计算 执行流基准值 挂钩 主动度量 |
| 收稿时间: | 2017-08-20 |
Process active dynamic measurement method for Windows environment |
| |
| ZHANG Jian-biao,LI Zhi-gang,LIU Guo-jie,WANG Chao,WANG Wei. Process active dynamic measurement method for Windows environment[J]. Journal of Shandong University, 2018, 53(7): 46-50. DOI: 10.6040/j.issn.1671-9352.2.2017.276 |
| |
| Authors: | ZHANG Jian-biao LI Zhi-gang LIU Guo-jie WANG Chao WANG Wei |
| |
| Affiliation: | 1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China;2. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China;3. National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing 100124, China |
| |
| Abstract: | A process dynamic measurement method for Windows environment based on the classification of malicious behavior of Windows user mode is proposed. Existing trusted metric benchmark values are acquired through process execution streams and cannot be immune to hook attacks when loaded. By comparing and analyzing the baseline value of the process memory image and executable stream, the method is used to determine whether the process is subjected to malicious attack, which can automatically repair the content tampered by the malicious program and ensure the normal execution of the process. |
| |
| Keywords: | execution flow reference value hook active measurement trusted computing |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《山东大学学报(理学版)》浏览原始摘要信息 |
|
点击此处可从《山东大学学报(理学版)》下载全文 |
|
