Windows Hidden Virus Detection Technology Explore

Posted on: 2009-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: S H Ma
Full Text: PDF
GTID: 2178360272978627
Subject: Computer technology
Abstract/Summary:
The rapid development of computer networks and the growing informatization of society have brought the community great economic and social benefits. At the same time, computer networks face increasingly serious security problems. Virus monitoring and virus removal have become a focus of network security research. Many professional antivirus products have appeared; the detection technologies they use are mainly signature scanning, virtual machine detection and integrity detection. This thesis examines how these detection technologies work and what their characteristics are, summarizes the advantages and disadvantages of the three, and points out that they cannot effectively detect hidden viruses. Existing hidden viruses primarily use Rootkit hiding techniques. Rootkit techniques appeared in the early 1990s; a security advisory report in February 1994 was the first to use the word Rootkit. Since then, Rootkit techniques have developed very quickly and their applications have become more and more widespread. Intruders now use them mostly as a powerful tool for developing computer viruses and Trojan horses, and the Windows operating system has inevitably become a target of intruders. A Rootkit is a tool that an attacker uses to hide their traces and retain root access. Rootkit techniques can hide processes, files, TCP ports, registry entries and so on.
With the wide application of Rootkit techniques in computer viruses, existing virus detection technology faces unprecedented challenges. This thesis examines how Rootkit techniques work and applies a new detection technology for hidden viruses: differential analysis. This technique detects and collects both low-level system information and application-level information, classifies it as trusted or non-trusted system information, and compares the trusted information with the non-trusted information to determine which information may belong to a virus; it then singles out the anomalous information and outputs a warning. For Trojan programs, this thesis uses pipe detection. A pipe is a tool the operating system provides for communication between processes or threads; a Trojan program uses it to create a cmd.exe process and redirect its input and output in order to probe and control the intruded system. Pipe detection obtains all pipes, checks whether each pipe is opened by a cmd.exe process, and analyzes the processes found in this way, finally identifying the Trojan program and outputting a warning. Building on these two detection technologies, this thesis proposes the design of a hidden virus detection program, SVDS (stealth virus detection system), which detects and reports hidden viruses and Trojan horse programs.
Keywords/Search Tags: Network security, hidden virus detection technology, Rootkit, SVDS
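
The differential analysis described in the abstract can be sketched as follows. This is an added example, not code from the thesis or from SVDS; the snapshot format, the function names and all sample entries are constructed assumptions, and collecting the two views is left out.

```python
# Added example: differential (cross-view) analysis over two snapshots.
# "trusted" = low-level view, "untrusted" = what ordinary API calls report.
# How each view is gathered is outside this sketch (assumption).

def normalize(kind, item):
    """Canonical form so the same object compares equal in both views."""
    if kind in ("files", "registry"):
        # Windows paths and registry keys are case-insensitive.
        return item.replace("/", "\\").rstrip("\\").lower()
    if kind == "processes":
        pid, image = item
        return (int(pid), image.lower())
    if kind == "ports":
        proto, port = item
        return (proto.lower(), int(port))
    raise ValueError(f"unknown kind: {kind}")

def differential_analysis(trusted, untrusted):
    """Return {kind: {"hidden": [...], "unverified": [...]}}.

    hidden:     in the trusted view only, so API results are being filtered.
    unverified: in the untrusted view only, often a timing difference
                between the snapshots; re-scan before acting on it.
    """
    report = {}
    for kind in sorted(set(trusted) | set(untrusted)):
        low = {normalize(kind, i) for i in trusted.get(kind, [])}
        api = {normalize(kind, i) for i in untrusted.get(kind, [])}
        hidden, unverified = sorted(low - api), sorted(api - low)
        if hidden or unverified:
            report[kind] = {"hidden": hidden, "unverified": unverified}
    return report

# Constructed sample snapshots, not taken from the thesis.
TRUSTED = {
    "processes": [(4, "System"), (1208, "explorer.exe"), (2316, "svch0st.exe")],
    "files": ["C:\\Windows\\notepad.exe",
              "C:\\Windows\\System32\\drivers\\example_hide.sys"],
    "ports": [("TCP", 135), ("TCP", 50123)],
    "registry": ["HKLM\\SYSTEM\\CurrentControlSet\\Services\\example_hide"],
}
UNTRUSTED = {
    "processes": [(4, "system"), (1208, "Explorer.EXE"), (3980, "notepad.exe")],
    "files": ["c:/windows/notepad.exe"],
    "ports": [("tcp", 135)],
}

if __name__ == "__main__":
    for kind, diff in differential_analysis(TRUSTED, UNTRUSTED).items():
        for item in diff["hidden"]:
            print(f"[ALERT] hidden {kind}: {item}")
```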