木马技术研究及反弹木马系统的设计与实现

发布时间：2018-08-18 13:22

【摘要】：二十一世纪,网络生活逐渐成为人们日常生活的主题。同时也应该看到,网络给国家人民带来诸多便利的同时,也随之产生许多信息安全方面的问题。其中,木马则是威胁当前网络信息安全的重要隐患之一。木马针对计算机系统漏洞进行攻击,窃取个人和企业用户关键信息,还可能对网络资源造成破坏。现今,网络技术不断发展,木马技术也在更新换代,给人们的生产生活带来了巨大影响和危害。因此,加强木马技术研究以及如何改进相关检测和防御技术对快速发现木马、预测预知木马、积极应对木马有着重要意义。论文首先对木马程序的工作原理,实现方式和当前比较流行的木马技术进行系统的研究,分析、总结和归纳其所用到的关键技术。其次在对关键技术进行分解的基础上,基于木马工作流程,将木马行为划分为：植入阶段、隐藏阶段、通信阶段和启动阶段4个主要过程,并重点对各阶段所用技术进行认真剖析。同时对现代木马的发展趋势做出合理预测。最后,结合当前比较流行的远程线程注入技术和反弹端口技术等手段,给出一种反弹端口型木马系统的设计与实现。其中,木马服务端利用远程线程注入技术达到隐藏目的,利用关联文件方式随文本文件启动。反弹端口型木马系统基于TCP/IP协议体系建立通信,通过对在线FTP服务器文件读写获取连接信息,实现反弹端口连接功能。客户端采用界面化管理方式,实现对服务端的CMD命令控制。本系统基于windows操作平台进行设计开发,能隐蔽植入受控计算机,实现无进程启动和受控制端主动连接,真实反映出了反弹端口型木马的工作原理。为进行同类木马的研究提供一定的参考。
[Abstract]:In the 21 ~ (th) century, network life gradually became the theme of people's daily life. At the same time, we should also see that the network brings a lot of convenience to the people of our country, but also brings many problems of information security. Among them, Trojan horse is one of the important hidden dangers that threaten current network information security. Trojans attack computer system vulnerabilities, steal critical information from individuals and enterprise users, and may destroy network resources. Nowadays, with the continuous development of network technology and the upgrading of Trojan horse technology, it has brought great influence and harm to people's production and life. Therefore, it is of great significance to strengthen the research of Trojan horse technology and how to improve the related detection and defense technology to quickly discover Trojan horse, predict and predict Trojan horse, and actively deal with Trojan horse. Firstly, the paper systematically studies, analyzes, summarizes and sums up the key technologies used in Trojan horse program, including its working principle, realization mode and current popular Trojan horse technology. Secondly, on the basis of decomposing the key technologies, based on the workflow of Trojan horse, the Trojan horse behavior is divided into four main processes: implantation stage, hidden stage, communication stage and startup stage. And the emphasis on each stage of the use of technology for serious analysis. At the same time, the development trend of modern Trojan horse to make a reasonable prediction. Finally, combining with the popular remote thread injection technology and rebound port technology, this paper presents the design and implementation of a rebound port Trojan horse system. Among them, Trojan horse server uses remote thread injection technology to achieve hidden purpose, and uses associated file to start with text file. Based on the TCP/IP protocol system, the rebound port Trojan system establishes the communication, obtains the connection information by reading and writing the online FTP server files, and realizes the connection function of the rebound port. The client adopts the interface management method to realize the CMD command control of the server. The system is designed and developed on the basis of windows operating platform, which can be hidden and implanted in controlled computer, realize the process free startup and active connection of controlled end, which truly reflects the working principle of rebound port Trojan horse. To provide a certain reference for the study of the same kind of Trojan horse.
【学位授予单位】：云南大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【共引文献】