
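Traffic-Based Trojan Detection Technology

Published: 2018-06-27 21:40

  Topic of this paper: Trojan detection + traffic detection; Source: University of Electronic Science and Technology of China, master's thesis, 2014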


[Abstract]: Computer Trojans have become the most widely spread and most far-reaching type of virus, and one of the common means by which criminals obtain economic benefit. The technical means of detecting Trojans, however, remain incomplete. Mainstream antivirus software already has strong Trojan detection and removal capabilities, but it mainly targets individual users, and a dedicated Trojan detection system for enterprise networks has not yet appeared. Against this background, the thesis studies Trojan techniques and the principles of detecting them, and proposes a new approach to Trojan detection based on network traffic. The core of the thesis is to study mature PC-side Trojan detection techniques and intrusion detection systems, and to adapt the techniques used by the former for use in the latter, ultimately forming a Trojan detection system design for enterprise networks. The main work comprises research on Trojans and their detection techniques, research on the traffic detection model and its key techniques, and system development and testing. The first part, on Trojan techniques, analyzes the main kinds of Trojans in order to understand their core techniques and principles. The second part, on Trojan detection techniques, covers both PC-side detection and intrusion detection: the former is a detailed analysis of current mainstream PC-side detection techniques and their principles and methods, while the latter is an in-depth analysis of intrusion detection models and the key problems in them. The third part is the core of the system: it proposes the traffic-based detection model and the design of its key techniques, which fall into three areas: traffic processing, out-of-order packet handling, and real-time detection. The fourth part builds on the preceding parts to design the whole system in detail and implement the algorithms described, then sets up a test environment around the system prototype and tests it thoroughly. To verify the feasibility of the proposed scheme, the system was tested for load pressure and for Trojan detection capability. The experiments show that the system withstands heavy traffic well, and that its resistance to load pressure gradually improves as its running time increases. The system also has good Trojan detection capability: during the Trojan implantation and activity stages it can effectively detect potential risks among active hosts on the internal network, although its false negative and false positive rates are higher than those of endpoint detection software. The system demonstrates that monitoring for Trojans based on traffic is feasible and that endpoint-oriented detection techniques can be applied to network-traffic-oriented detection, which by comparison offers low deployment cost and wide coverage. The thesis is of reference value for future virus and Trojan detection techniques and offers an extension for current and future intrusion detection systems and intrusion prevention systems.
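[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08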

