Abstract
To raise the detection rate of Trojan programs' network communication, this paper compares the strengths and weaknesses of the available packet-capture techniques and, on that basis, designs and implements a Trojan communication detection system built on an NDIS Hook driver. It presents the system's main modules and data structures and proposes a Trojan communication identification model based on network communication behaviour analysis. Test results show that the model lowers both the false positive rate and the false negative rate, captures every network communication packet, and identifies previously unknown Trojan communication.
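The abstract states that the model classifies network communication by its behaviour and is evaluated by false positive and false negative rates, but the page does not give the driver code, the feature set or the thresholds. The following is an added illustrative example, not code from the paper: it runs a small behaviour-based classifier over constructed flow records (process, destination, timing, byte counts) as an NDIS-layer capture might surface them, using three assumed indicators (regular beacon timing, an uncommon destination port, and more bytes sent than received) that stand in for whatever features the paper's model actually uses, and then measures the false positive and false negative rates against constructed labels. The process names, addresses and thresholds are all assumptions.

```python
"""Illustrative behaviour-based Trojan communication classifier with FP/FN rates.

Added example, not the paper's code. The indicators and thresholds below are
assumptions chosen to show the shape of a behaviour-analysis model and how its
false positive / false negative rates are measured on labelled traffic.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Ports a host is commonly allowed to talk to (assumed allow-list).
COMMON_PORTS = {25, 53, 80, 443, 993, 995}

# Constructed sample flows: (process, dst_ip, dst_port, start_s, bytes_out, bytes_in)
FLOWS = [
    # svchost_fake.exe: near-constant 60 s beacon, tiny fixed payload, odd port
    *[("svchost_fake.exe", "203.0.113.5", 4444, t, 120, 40) for t in (0, 61, 120, 181, 240, 300)],
    # chrome.exe: bursty browsing, downloads far exceed uploads
    ("chrome.exe", "198.51.100.10", 443, 0, 800, 52000),
    ("chrome.exe", "198.51.100.10", 443, 5, 600, 31000),
    ("chrome.exe", "198.51.100.10", 443, 37, 700, 48000),
    ("chrome.exe", "198.51.100.10", 443, 38, 500, 12000),
    ("chrome.exe", "198.51.100.10", 443, 200, 900, 76000),
    # updater.exe: hourly check-in, periodic but over 443 and mostly downloading
    *[("updater.exe", "192.0.2.7", 443, t, 300, 4000) for t in (0, 3600, 7200, 10800)],
    # irc.exe: irregular chat, more typed than received, non-standard port (benign)
    ("irc.exe", "192.0.2.20", 6667, 0, 900, 300),
    ("irc.exe", "192.0.2.20", 6667, 17, 1200, 200),
    ("irc.exe", "192.0.2.20", 6667, 90, 400, 100),
    ("irc.exe", "192.0.2.20", 6667, 95, 700, 250),
    # dropper.exe: heavily jittered check-in over 443, uploads a little more than it downloads
    ("dropper.exe", "203.0.113.9", 443, 0, 500, 200),
    ("dropper.exe", "203.0.113.9", 443, 45, 500, 200),
    ("dropper.exe", "203.0.113.9", 443, 400, 500, 200),
    ("dropper.exe", "203.0.113.9", 443, 410, 500, 200),
]

# Constructed ground truth used only to score the classifier.
LABELS = {"svchost_fake.exe": True, "dropper.exe": True,
          "chrome.exe": False, "updater.exe": False, "irc.exe": False}


def features(flows):
    """Compute the three assumed indicators per (process, dst_ip, dst_port)."""
    groups = defaultdict(list)
    for proc, ip, port, t, out, inn in flows:
        groups[(proc, ip, port)].append((t, out, inn))
    result = {}
    for key, recs in groups.items():
        recs.sort()
        times = [r[0] for r in recs]
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Beaconing: at least 4 connections whose inter-arrival times vary by < 15%.
        beaconing = len(gaps) >= 3 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < 0.15
        odd_port = key[2] not in COMMON_PORTS
        # Client pushes more than it pulls: typical of keep-alives and exfiltration.
        pushes_more = sum(r[1] for r in recs) > sum(r[2] for r in recs)
        result[key] = {"beaconing": beaconing, "odd_port": odd_port, "pushes_more": pushes_more}
    return result


def classify(flows, threshold=2):
    """Return the set of processes with >= threshold indicators on some destination."""
    flagged = set()
    for (proc, _ip, _port), f in features(flows).items():
        if sum(f.values()) >= threshold:
            flagged.add(proc)
    return flagged


def error_rates(flagged, labels):
    """Return (false positive rate, false negative rate) over the labelled processes."""
    fp = sum(1 for p, t in labels.items() if not t and p in flagged)
    tn = sum(1 for p, t in labels.items() if not t and p not in flagged)
    fn = sum(1 for p, t in labels.items() if t and p not in flagged)
    tp = sum(1 for p, t in labels.items() if t and p in flagged)
    fpr = fp / (fp + tn) if fp + tn else 0.0
    fnr = fn / (fn + tp) if fn + tp else 0.0
    return fpr, fnr


if __name__ == "__main__":
    hits = classify(FLOWS)
    print("flagged:", sorted(hits))
    print("FP rate %.2f, FN rate %.2f" % error_rates(hits, LABELS))
```

On this constructed data the rule catches the fixed-interval beacon but misses the heavily jittered dropper (a false negative) and flags the IRC client (a false positive); the point of the example is that each indicator alone is weak, which is why a model of the kind the abstract describes combines several behaviours and is judged on both error rates rather than on detection rate alone.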
Source
Computer Engineering (《计算机工程》)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
2010, No. 9, pp. 150-152 (3 pages)