DMA-based advanced Trojan real-time detection method and system

Bibliographic details
Main authors: XU YANCHENG, XIE HUI, CHEN JIAN, WEI HAIYU, LI XIAOQIONG, LIU HAIYANG, LIU YONGZHEN, LIU QINGLIN, CUI LIXIAO, LI NING, LYU ZONGHUI
Format: Patent
Language: chi; eng
Description
Summary: The invention discloses a DMA-based method and system for real-time detection of advanced Trojans. The method comprises the following steps: first, a connection is established between the DMA hardware and a target machine through a PCIe interface, a mapping of the target machine's memory is acquired in real time, and this memory mapping is transmitted to an analyzer; the analyzer analyzes the mapped memory data to obtain the system information of the target machine's memory mapping and the running data information in the memory; data is captured at a preset time interval, and a difference set is calculated from the data of two adjacent moments to obtain the target machine's memory change data, on the basis of which the advanced Trojan is detected in real time. According to the method, a real-time monitoring and detection model based on DMA technology is used, the threat can be found in time at the