Research On Hard Disk Trojan Detection Technology

Hard disk,as the main and most common storage device,saves most of the files in your computer system,and is the main attack and infection target of Trojans.Hard Disk Trojan refers to a Trojan that hides itself by infecting the hard disk,resides in the computer,and performs malicious functions.This trojan has high concealment and harmful.In this thesis,Trojans are divided into bootkit Trojans and hard firmware Trojans according to different infection locations and ways.Aiming at the problem that Hard Disk Trojan is difficult to detect,this thesis analyzes the implementation of Hard Disk Trojan and establishes a Hard Disk Trojan detection model.In the Hard Disk Trojan Trojan detection model,this thesis divides Hard Disk Trojan detection into Bootkit detection and Hard Disk Firmware detection.The Bootkit detection can detect the infection of the hard disk boot area and the system.The Hard Disk Firmware detection can detect whether the hard disk firmware has been tampered and whether the hard disk is mounted with a small system.Bootkit is a type of mainstream Trojan.The Bootkit technology and its detection technology constantly resist and upgrade,which promotes the rapid development of Bootkit.Hard Disk Firmware Trojan is difficult and located in the area that users can not access,so there is less research on it.But hard disk firmware Trojan horse is a blind area of antivirus software,and also a direction of Trojan horse development.In the model of Hard Disk Trojan detection,this thesis proposes the methods of the Bootkit detection based on the behavior,the Hard disk Firmware detection based on trusted boot and the Hard Disk mount system detection based on SMART.Next,based on the Hard Disk Trojan detection model,this thesis designs and implements the Trojan detection system,and introduces each module of the Hard disk Trojan detection system in detail.In the process of implementation,this thesis breaks through the Hard Disk Firmware area access technology,and realizes the direct extraction of Hard Disk firmware through data wire.NEXT,this thesis designs experiments to test the Hard Disk Trojan detection system,and analyzes the results,which proves the validity of the Hard Disk Trojan detection model.Finally,this thesis compares the functions of the Hard Disk Trojan detection system with anti-virus softwares and Hard Disk tools,and proves that the Hard Disk Trojan detection model is comprehensive for Hard Disk Trojan detection.