A Lightweight Trojan Blocking Security Mechanism Based on the Netfilter Framework
Wu Ke'an (武柯安) 1, Gao Yangyang (高洋洋) 1
Author information
- 1. No. 30 Research Institute, China Electronics Technology Group Corporation, Chengdu, Sichuan 610041, China
Abstract
[Purpose/Significance] As network attack techniques develop, new Trojan programs keep appearing. Because Trojan signatures are hard to detect and system resources are limited, conventional intrusion detection methods are not suitable for resource-constrained embedded microprocessor systems. A lightweight Trojan blocking security mechanism is therefore proposed to reduce the risk of sensitive information being stolen from embedded systems. [Method/Process] By analysing how the Linux TCP/IP stack sends IP packets and how Netfilter works, an outgoing IP packet control mechanism based on Netfilter is proposed; it prevents Trojan processes from sending sensitive information out of the system at a small computational cost. [Results/Conclusion] The method is suitable for resource-constrained embedded microprocessor systems and reduces the threat of sensitive information being stolen from them.
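The abstract only describes the mechanism in outline: a Netfilter hook on the outgoing path inspects every locally generated IP datagram and drops anything not explicitly permitted. The following C program is an added illustration of that egress policy; it is not the authors' code and the paper does not publish its implementation. It runs in userspace against constructed packets so it can be tried without a kernel build: the verdict function `egress_verdict()` is written as the body an `nf_hookfn` would have at `NF_INET_LOCAL_OUT`, and the kernel-side registration (`nf_register_net_hook()`, `ip_hdr(skb)`, `skb->len`) is only mentioned in comments. The allowlist addresses (192.0.2.10, 192.0.2.53, 10.0.0.5) are hypothetical documentation-range values chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <netinet/in.h>   /* IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP */

/* Same numeric values as NF_DROP / NF_ACCEPT in <linux/netfilter.h>;
 * redefined so the policy code builds and runs in userspace. */
#define NF_DROP   0
#define NF_ACCEPT 1

/* Allowlist entry: daddr as dotted-quad bytes ({0,0,0,0} = any),
 * proto 0 = any, dport in host byte order (0 = any). */
struct egress_rule {
    uint8_t  daddr[4];
    uint8_t  proto;
    uint16_t dport;
};

/* Constructed sample policy (hypothetical addresses for the example). */
static const struct egress_rule policy[] = {
    { {192, 0, 2, 10}, IPPROTO_TCP, 443 },  /* management server over TLS */
    { {192, 0, 2, 53}, IPPROTO_UDP,  53 },  /* DNS resolver */
    { {127, 0, 0, 1},  0,             0 },  /* loopback, any protocol */
};
static const uint8_t any_addr[4] = {0, 0, 0, 0};

/* Policy decision for one outgoing IPv4 datagram.
 * In a kernel module this is the body of the nf_hookfn registered with
 * nf_register_net_hook() at NF_INET_LOCAL_OUT for NFPROTO_IPV4, with the
 * header taken from ip_hdr(skb) and the length from skb->len.  Locally
 * generated datagrams are still whole at LOCAL_OUT (fragmentation happens
 * later in ip_output), so the transport header is always present.
 * Malformed packets and unknown destinations are dropped (fail closed). */
int egress_verdict(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return NF_DROP;                       /* not a complete IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4; /* header length incl. options */
    if (ihl < 20 || len < ihl)
        return NF_DROP;

    uint8_t proto = pkt[9];
    const uint8_t *daddr = pkt + 16;
    uint16_t dport = 0;
    if (proto == IPPROTO_TCP || proto == IPPROTO_UDP) {
        if (len < ihl + 4)
            return NF_DROP;                   /* transport header truncated */
        dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
    }

    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        const struct egress_rule *r = &policy[i];
        if (memcmp(r->daddr, any_addr, 4) != 0 && memcmp(r->daddr, daddr, 4) != 0)
            continue;
        if (r->proto != 0 && r->proto != proto)
            continue;
        if (r->dport != 0 && r->dport != dport)
            continue;
        return NF_ACCEPT;
    }
    return NF_DROP;                           /* default deny */
}

/* Build a minimal IPv4 datagram with an 8-byte transport header (enough for
 * the port fields) so the policy can be exercised offline.  Checksums stay
 * zero; the policy does not look at them. */
size_t build_ipv4_packet(uint8_t *buf, size_t cap, uint8_t proto,
                         const uint8_t src[4], const uint8_t dst[4],
                         uint16_t sport, uint16_t dport)
{
    const size_t len = 20 + 8;
    if (cap < len)
        return 0;
    memset(buf, 0, len);
    buf[0] = 0x45;                            /* version 4, IHL 5 words */
    buf[2] = (uint8_t)(len >> 8);
    buf[3] = (uint8_t)(len & 0xff);
    buf[8] = 64;                              /* TTL */
    buf[9] = proto;
    memcpy(buf + 12, src, 4);
    memcpy(buf + 16, dst, 4);
    buf[20] = (uint8_t)(sport >> 8);
    buf[21] = (uint8_t)(sport & 0xff);
    buf[22] = (uint8_t)(dport >> 8);
    buf[23] = (uint8_t)(dport & 0xff);
    return len;
}

/* Verdict for a packet from the device (10.0.0.5, constructed) to dst:dport. */
int verdict_for(uint8_t proto, const uint8_t dst[4], uint16_t dport)
{
    static const uint8_t device[4] = {10, 0, 0, 5};
    uint8_t buf[64];
    size_t n = build_ipv4_packet(buf, sizeof buf, proto, device, dst, 40000, dport);
    return egress_verdict(buf, n);
}

int main(void)
{
    static const uint8_t mgmt[4] = {192, 0, 2, 10}, other[4] = {203, 0, 113, 7};
    printf("192.0.2.10:443/tcp   -> %s\n", verdict_for(IPPROTO_TCP, mgmt, 443) == NF_ACCEPT ? "ACCEPT" : "DROP");
    printf("203.0.113.7:8080/tcp -> %s\n", verdict_for(IPPROTO_TCP, other, 8080) == NF_ACCEPT ? "ACCEPT" : "DROP");
    return 0;
}
```

The per-packet cost is a fixed-header parse and a linear scan of a few rules, which is what makes a default-deny egress filter affordable on a small embedded core. Two caveats a deployment must cover: the rule table and the module itself have to be protected from a Trojan that has gained root (otherwise it can edit the allowlist or unload the hook), and a destination allowlist does nothing against data smuggled to a permitted host, for example inside DNS queries to the allowed resolver.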
Keywords
information security / IP stack / Netfilter / Trojan / embedded microprocessor system
Publication year
2024