Abstract
Based on a study of Trojan horse attack patterns, implantation methods, and the Windows security mechanism, and on an analysis of the weaknesses of current Trojan horse detection techniques, this paper proposes a Trojan horse defense system based on restricted tokens. The system starts from controlling how the working environment is constructed and implements an audit mechanism for program execution, shifting from detection and removal to suppression: it restrains Trojan horses from running and from carrying out their attack behavior. The paper focuses on the design of the process environment control module, the service management module, the registry monitoring module, and the anomaly diagnosis module. Finally, experiments verify the feasibility and effectiveness of the system.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journals (北大核心)
2007, Issue 24, pp. 141-145 (5 pages)
Funding
The Key Technologies R&D Program of Jiangsu Province, China, under Grant No. BG2004030
Keywords
Trojan horse
defense
token
privilege
environment control