
Research And Implementation Of The Trojan Attack And Detection System

Posted on: 2015-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: W Lv
GTID: 2268330428482860
Subject: Computer Science and Technology
Abstract/Summary:

With the development of networks, information security is increasingly a topic of concern. As the threat has shifted from the rampant spread of viruses in the past to today's targeted information theft, Trojans have begun to replace viruses as the number one enemy of network security. They have become an important tool of the interest groups behind the gray "Internet transformation": manufacturing, distribution, stealing account information, obtaining illegal profits, money laundering and dividing the proceeds form a complete "hacker economic chain" that centers on Trojans and has the theft of property as its purpose.

This thesis systematically studies Trojan technology and current Trojan detection and removal techniques. The work is as follows:

First, after reviewing the classification of Trojans, it introduces the five stages in the development of Trojan technology and future trends. It analyzes in detail how Trojans work and the specific techniques they apply in four areas: implantation, startup, concealment and establishing communication. It gives a detailed analysis of the techniques Trojans use to hide their own resources, including hooking, remote thread injection and port multiplexing, and also introduces how dynamic link libraries are used.

Second, it introduces the five current anti-Trojan technologies: signature technology, virtual machine technology, static heuristics, dynamic heuristics (behavioral detection technology) and intrusion detection technology. It compares the advantages and disadvantages of each, as well as the areas in which each is strong.

Third, for the current mainstream Trojans, it analyzes the operating system's service processes, the method of switching between kernel mode and user mode, and the use of API functions. On this basis, for the highly hidden Rootkit Trojans that are now mainstream, it proposes a detection approach: analyze system resources directly from the bottom layer to obtain all of the information, then compare the result with the resources visible in user mode to detect the hidden resources. These ideas are used to build a Trojan detection system model and workflow that combines memory integrity testing, registry detection and hidden file detection; each detection idea and its concrete steps are set out in its own section.

Fourth, the Trojan detection system is tested. The results show that it detects highly hidden Rootkit Trojans well and has some advantages over comparable detection software; the shortcomings of the detection system are also pointed out.
Keywords/Search Tags: trojans, API hook, resources hidden, integrity testing