摘要
DLL(dynamic link library)注入作为目前开展隐蔽化渗透攻击的主流技术经过多年发展已形成多种类型,从最初的显式调用系统API创建远程线程逐步过渡到伪造系统DLL以及静态修改PE文件等方式.注入过程更复杂,方式更隐蔽,对检测技术也提出了更大的挑战.主要对常见的10种DLL注入技术原理进行分析.同时对当前业界主流的6种检测技术进行介绍,归纳总结各类技术优缺点,并提出该领域未来的研究方向,为后续开展DLL注入检测技术研究提供参考.
DLL injection,as the main technology of covert penetration attack,has formed many types after years of development.From the initial explicit system API to create remote thread gradually transition to forge system DLL and static modification of PE files.The injection process is more complex and covert,which has more challenges for detection technology.This paper analyzes the principles of ten common types of DLL injection.At the same time,the paper introduces six main detection technologies in the current industry,summarizes the advantages and disadvantages of each technology,and puts forward the future research direction in this field and provides reference for the follow-up research of DLL injection detection technology.
作者
宋晓斌
穆源
朱涛
马陈城
Song Xiaobin;Mu Yuan;Zhu Tao;Ma Chencheng(No.61660 Troops of PLA,Beijing 100093)
出处
《信息安全研究》
2022年第8期786-792,共7页
Journal of Information Security Research
作者简介
宋晓斌,硕士,助理工程师.主要研究方向为网络安全.ACxbtech@outlook.com;穆源,硕士,正高级工程师.主要研究方向为网络安全.muy@sina.com;朱涛,硕士,工程师.主要研究方向为网络安全.zhut16@qq.com;马陈城,硕士,助理工程师.主要研究方向为网络安全.machencheng07@foxmail.com。
