
Hiding Technology Analysis And Detection Of Network Malicious Code

Posted on: 2011-08-25
Degree: Master
Type: Thesis
Country: China
Candidate: Z L Wang
GTID: 2178330332464659
Subject: Computer technology
Abstract/Summary:
In recent years the Internet has developed rapidly; statistics show that there were more than 1.7 billion Internet users worldwide as of September 30, 2009. Some crackers have taken note of this trend and keep illegally infiltrating and attacking computer systems. Effective detection of and defense against malicious Trojan software has therefore become necessary, especially for software that steals information or illegally controls computers, and above all for malware that uses driver-level Rootkit techniques to hide its behavior. Because the Windows operating system is not open source, however, studying its internal principles is more difficult. This thesis combines static analysis and dynamic analysis to examine Rootkit-based hiding in detail, covering typical techniques for file hiding, process hiding, and hiding of network communication. On this basis, Trojan detection methods are compared and improved: the advantages and disadvantages of common signature detection, heuristic detection, behavior-based detection, and integrity checking are compared, a cache-based method for detecting hidden files is proposed, and processes hidden by Rootkit SSDT HOOK techniques are effectively detected, with a code implementation. Finally, a Trojan analysis laboratory was set up using virtual machines, and the detection approach was verified using Network Bank robber as an example. The verification shows that the detection method is feasible. Trojan defense strategies are also described, including effective methods of Trojan defense from the perspective of social engineering.
Keywords/Search Tags:malicious code, Trojans, Rootkit, hidden technology, analysis, detection