
Research on APT-Trojan Forensics Based on Virtual Machine and API Call Monitoring Technology

ZHU Ping, DU Yan-hui (朱平, 杜彦辉)

Research on APT-Trojan Forensics based on Virtual Machine and API Monitor

ZHU Ping, DU Yan-hui

  • About author: People's Public Security University of China, Beijing, 100038

Abstract (translated from the Chinese): APT (Advanced Persistent Threat) attacks are usually carried out by experienced network intrusion groups or teams. They are long-lasting, technically sophisticated, and highly strategic. The APT trojans used in these attacks vary endlessly and are difficult for conventional antivirus software to detect; they seriously threaten the security of core national institutions and key departments and also pose a major challenge to digital forensics. This paper proposes an APT-trojan forensics model based on virtual machine and API call monitoring technology, which can effectively collect evidence of the attack behaviour of APT trojans.

Abstract: APT attacks are the most serious threat to national organizations and corporations. Generally, an APT attack is controlled by a meticulously designed organization and can hardly be detected. It has advanced, persistent and highly strategic characteristics. This paper presents a model for APT-Trojan forensics which is based on a virtual machine and API monitoring.