Abstract
As the camouflage techniques of theft-type Trojans continue to develop, these Trojans are becoming increasingly difficult to detect. In response, this paper proposes a theft-type Trojan detection scheme based on behavior detection. By modeling and analyzing the communication mechanisms of common theft-type Trojans, several communication modes of theft-type Trojans are constructed. To improve detection accuracy, a detection scheme based on complete sessions is designed around the communication behavior characteristics of theft-type Trojans. Tests on 500 sets of experimental data show that the detection scheme designed by the author has an undetected (missed-detection) rate of 6.8% and a false alarm rate of 2.7%, which is better than traditional Trojan detection schemes.
Source
《广西民族大学学报(自然科学版)》
CAS
2014, Issue 2, pp. 70-74 (5 pages)
Journal of Guangxi Minzu University: Natural Science Edition
Funding
Guangxi Philosophy and Social Science Project "Research on Library Service Models Based on Internet of Things Technology" (11BTQ001)
Keywords
behavior detection
theft-type
Trojan
communication mode
session