摘要
在对Windows用户层恶意行为分类研究的基础上,提出了一种面向Windows环境的进程可信度量方法。针对现有的可信度量基准值通过进程执行流获取时,不能免疫加载的挂钩攻击的问题,通过对比分析进程内存映像和可执行文件执行流的基准值,判断进程是否遭受恶意攻击,并自动修复被恶意程序篡改的内容,确保进程的正常执行。
A process dynamic measurement method for Windows environment based on the classification of malicious behavior of Windows user mode is proposed. Existing trusted metric benchmark values are acquired through process execution streams and cannot be immune to hook attacks when loaded. By comparing and analyzing the baseline value of the process memory image and executable stream,the method is used to determine whether the process is subjected to malicious attack,which can automatically repair the content tampered by the malicious program and ensure the normal execution of the process.
作者
张建标
李志刚
刘国杰
王超
王玮
ZHANG Jian-biao;LI Zhi-gang;LIU Guo-jie;WANG Chao;WANG Wei(Faculty of Information Technology,Beijing University of Technology,Beijing 100124,China;Beijing Key Laboratory of Trusted Computing,Beijing 100124,China;National Engineering Laboratory for Critical Technologies of Information Security Classified Protection,Beijing 100124,China)
出处
《山东大学学报(理学版)》
CAS
CSCD
北大核心
2018年第7期46-50,59,共6页
Journal of Shandong University(Natural Science)
基金
国家自然科学基金资助项目(61671030)
北京市博士后工作经费资助项目(2017-22-030)
CCF-启明星辰"鸿雁"科研资助计划项目(CCF-VenustechRP2017008)
关键词
可信计算
主动度量
执行流基准值
挂钩
trusted computing
active measurement
execution flow reference value
hook
