An Improved Kernel Trojan Horse Architecture Model And Realization

Posted on: 2011-07-04
Degree: Master
Type: Thesis
Country: China
Candidate: X Q Feng
GTID: 2178330332460921
Subject: Computer application technology
Abstract/Summary:
As an Internet security technology, the Trojan horse is widely used in remote control and network confrontation. However, with the continuous development of security techniques, the detection capability of security software is becoming more and more powerful, which shrinks the living space of Trojan horses. Because of their destructiveness and high concealment, kernel-level Trojans are attracting increasing attention. A kernel Trojan horse is one that incorporates kernel Rootkit techniques, concealing the whole Trojan by modifying important kernel data structures of the system. Since the kernel Rootkit resides in a lower layer, it is very hard for security software to detect it, which guarantees the concealment of the whole Trojan. Kernel Trojans are the development trend of the future.

A Trojan that follows the traditional architecture model combines the user layer and the kernel layer. The concealment module is implemented by a kernel Rootkit, while the function modules the user expects are implemented at user level. However, with the emergence of various detection techniques, this mixed kind of kernel Trojan is more and more easily detected. Concretely, the sensitive properties of the Trojan are fully exposed to lower-layer security software; as a result, the concealment module becomes huge and is easily detected.

Based on the analysis above, this paper focuses on the flaws of the traditional Trojan horse architecture model and introduces an improved model, named the light weight concealment module and pure kernel Trojan horse architecture model. In this framework, all modules are implemented at kernel level, which reduces the exposed sensitive properties and simplifies the collaboration among concealment sub-modules.

Lastly, in order to prove the feasibility and concealment of the improved architecture model, an instance of this framework is implemented and a series of experiments is carried out. The results show that, compared to the traditional architecture model, the improved one has better concealment performance.
Keywords/Search Tags:kernel-level Trojan, kernel Rootkit, Trojan architecture model, light weight concealment module, pure kernel