Abstract
To address the detection difficulty posed by DLL Trojans, which cannot be executed directly and are highly concealed, this paper designs a DLL Trojan detection model based on simulation loading and implements a DLL Trojan detection system on that model. It briefly introduces the overall structure diagram of the detection system, explains the system's module architecture, gives the workflow for building the characteristic (signature) information library, and analyzes the system's key techniques in detail. Experimental results show that the DLL Trojan detection system based on simulation loading can rapidly determine the risk level of a scanned file and effectively reduce the false-negative (missed detection) rate.
Source
Application Research of Computers (计算机应用研究)
CSCD
Peking University Core Journal (北大核心)
2011, No. 10, pp. 3790-3792, 3806 (4 pages)
Funding
Sichuan Province Applied Basic Research Project (07JY029-011)
Sichuan Provincial Department of Education Project (08ZA043)
Keywords
DLL Trojan
simulation loading
dynamic embedding
behavior analysis
false-negative (missed detection) rate