基于信息隐藏技术的木马植入方法

doi:10.11772/j.issn.1001-9081.2018020558

计算机应用 ›› 2018, Vol. 38 ›› Issue (8): 2267-2273.DOI: 10.11772/j.issn.1001-9081.2018020558

基于信息隐藏技术的木马植入方法

张茹, 黄福鸿, 刘建毅, 祝锋

北京邮电大学网络空间安全学院, 北京 100876

收稿日期:2018-01-29 修回日期:2018-03-28 出版日期:2018-08-10 发布日期:2018-08-11
通讯作者: 祝锋
作者简介:张茹(1976-),女,山东济南人,副教授,博士,主要研究方向:密码学、信息隐藏、数字水印、版权保护;黄福鸿(1993-),男,湖南衡阳人,硕士研究生,主要研究方向:信息隐藏、数字水印;刘建毅(1980-),男,山西忻州人,副教授,博士,主要研究方向:数字内容安全、智能信息处理、数据挖掘;祝锋(1995-),男,河南信阳人,硕士研究生,主要研究方向:信息隐藏、数字水印。
基金资助:
国家自然科学基金资助项目（U1636212，U1636112）。

Trojan implantation method based on information hiding

ZHANG Ru, HUANG Fuhong, LIU Jianyi, ZHU Feng

School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China

Received:2018-01-29 Revised:2018-03-28 Online:2018-08-10 Published:2018-08-11
Supported by:
This work is partially supported by the National Natural Science Foundation of China (U1636212, U1636112).

摘要/Abstract

摘要： 针对互联网木马存在易被溯源追踪的问题，提出一种基于多媒体文件的新型木马方案，利用信息隐藏算法将木马程序作为秘密数据嵌入到载体图像中。渗透成功后，对盗取的数据在本地进行加密之后同样隐写到载体图像并上传至社交网络，攻击端通过开放的社交网络下载并提取秘密数据。实验显示，所设计的JPEG图像信息隐藏算法性能良好，基于该隐藏算法的木马渗透方案在隐蔽性、抗取证、防追踪以及穿透审计等特点上优于已有的图片木马。社交网络中此类木马可造成用户隐私泄露，所以最后给出了一些防范措施。

关键词: 木马, 社交网络, JPEG, 信息隐藏

Abstract: Since a large number of Trojans are easily tracable on the Internet, a new Trojan attack scheme based on multimedia document was proposed. Firstly, the Trojan program was embedded into a carrier image as secret data by steganography. After the Trojan program was successfully injected, the encrypted user information was also hidden into the carrier image by steganography. Then the host automatically uploaded pictures to a social network. Finally, the attacker downloaded images from the social network and extracted secret data from images. The theoretical analysis and simulation results show that the proposed JPEG image steganography algorithm has good performance, and the Trojan scheme based on it outperfoms some existing algorithms in concealment, anti-forensics, anti-tracking and penetrating auditing. Such Trojans in social networks can cause user privacy leaks, so some precautions are given at last.

Key words: Trojan, social network, JPEG, information hiding

中图分类号:

TP309.2

张茹, 黄福鸿, 刘建毅, 祝锋. 基于信息隐藏技术的木马植入方法[J]. 计算机应用, 2018, 38(8): 2267-2273.

ZHANG Ru, HUANG Fuhong, LIU Jianyi, ZHU Feng. Trojan implantation method based on information hiding[J]. Journal of Computer Applications, 2018, 38(8): 2267-2273.

参考文献

[1] YANG X, WEI K, MA H, et al. Trojan horse attacks on counterfactual quantum key distribution[J]. Physics Letters A, 2016, 380(18/19):1589-1592.
[2] 国家互联网应急中心.网络安全信息与动态周报[EB/OL].[2017-10-11]. http://www.cert.org.cn/publish/main/upload/File/2016CNCERT15.pdf.
[3] BAO C, FORTE D, SRIVASTAVA A. On reverse engineering-based hardware trojan detection[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2016, 35(1):49-57.
[4] NATH H V, MEHTRE B M. Analysis of a multistage attack embedded in a video file[J]. Information Systems Frontiers, 2015, 17(5):1029-1037.
[5] 康治平,向宏.特洛伊木马隐藏技术研究及实践[J].计算机工程与应用,2006,42(9):103-105. (KANG Z P, XIANG H. Research and practice on the concealing technology of Trojan horses[J]. Computer Engineering and Applications. 2006, 42(9):103-105.)
[6] ZHANGY Y Q, BI H. Research on machine-code level injection and HOOK technique[J]. Advanced Materials Research, 2011, 159:424-428.
[7] 潘勉,薛质,李建华,等.基于DLL技术的特洛伊木马植入新方案[J].计算机工程,2004, 30(18):110-112. (PAN M, XUE Z, LI J H, et al. New scheme for the injection of Trojan horse based on DLL[J]. Computer Engineering, 2004, 30(18):110-112.)
[8] 罗改龙,程胜利.基于端口复用技术的木马研究[J].计算机工程,2007,33(15):165-167. (LUO G L, CHENG S L. Research on Trojan horse based on port reuse technology[J]. Computer Engineering, 2007, 33(15):165-167.)
[9] 罗红,慕德俊,戴冠中,等.端口反弹型木马的通信技术研究[J].微电子学与计算机,2006,23(2):193-197. (LUO H, MU D J, DAI G Z, et al. Research on communication techniques for port recall Trojan horse[J]. Microelectronics & Computer, 2006, 23(2):193-197.)
[10] FAN Y, YE Y, CHEN L. Malicious sequential pattern mining for automatic malware detection[J]. Expert Systems with Applications, 2016, 52(C):16-25.
[11] PRELIPCEAN D B, POPESCU A S, GAVRILUT D T. Improving malware detection response time with behavior-based statistical analysis techniques[C]//Proceedings of the 20157th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing. Washington, DC:IEEE Computer Society, 2016:232-239.
[12] LIU Y-F, ZHANG L-W, LIANG J, et al. Detecting Trojan horses based on system behavior using machine learning method[C]//Proceedings of the 2010 International Conference on Machine Learning and Cybernetics. Piscataway:IEEE, 2010:855-860.
[13] QIN J, YAN H, SI Q, et al. A Trojan horse detection technology based on behavior analysis[C]//Proceedings of the 20106th International Conference on Wireless Communications Networking and Mobile Computing. Piscataway:IEEE, 2010:1-4.
[14] VENKATACHALAM N, ANITHA R. A multi-feature approach to detect Stegobot:a covert multimedia social network botnet[J]. Multimedia Tools & Applications, 2017, 76(4):6079-6096.
[15] WANG S, SANG J, SONG X, et al. Least significant qubit (LSQb) information hiding algorithm for quantum image[J]. Measurement, 2015, 73:352-359.
[16] SHINODA K, WATANABE A, HASEGAWA M, et al. Multispectral information hiding in RGB image using bit-plane-based watermarking and its application[J]. Optical Review, 2015, 22(3):469-476.
[17] ZHANG J, SHEN J, WANG L, et al. Coverless text information hiding nethod based on the word rank map[C]//ICCCS 2016:Proceedings of the 2016 International Conference on Cloud Computing and Security, LNCS 10039. Cham:Springer, 2016:145-155.
[18] CAO Q, SUN X, XIANG L. A secure text steganography based on synonym substitution[C]//Proceedings of the 13th IEEE Joint International Computer Science and Information Technology Conference. Piscataway:IEEE, 2013:1-3.
[19] 周琳娜,杨义先,郭云彪,等.基于二值图像的信息隐藏研究综述[J].中山大学学报(自然科学版),2004,143(S2):71-75. (ZHOU L N, YANG Y X, GUO Y B, HU L. The overview of binary image information hiding[J]. Acta Scientiarum Naturalium Universitatis Sunyatseni, 2004, 143(S2):71-75.)
[20] 李丹,高勇.适用于广播信道的时频调制音频隐藏算法[J].四川大学学报(自然科学版),2017,54(2):298-302. (LI D, GAO Y. Audio information hiding algorithm based on time-frequency modulation method applied in broadcast channel[J]. Journal of Sichuan University (Natural Science Edition). 2017, 54(2):298-302.)
[21] CHUNG K-L, HUANG Y-H, CHANG P-C, et al. Reversible data hiding-based approach for intra-frame error concealment in H.264/AVC[J]. IEEE Transactions on Circuits & Systems for Video Technology, 2010, 20(11):1643-1647.
[22] 张新鹏,钱振兴,李晟.信息隐藏研究展望[J].应用科学学报,2016,34(5):475-489. (ZANG X P, QIAN Z X, LI S. Prospect of digital steganography research[J]. Journal of Applied Sciences, 2016, 34(5):475-489.)
[23] JIANG C, PANG Y, GUO L, et al. A high capacity steganographic method based on quantization table modification[J]. Wuhan University Journal of Nature Sciences, 2011, 33(3):1611-1626.
[24] PROVOS N. Defending against statistical steganalysis[C]//SSYM'01:Proceedings of the 10th Conference on Usenix Security Symposium. Berkeley, CA:USENIX Association, 2001:24-24.
[25] KIM Y, DURIC Z, RICHARDS D. Modified matrix encoding technique for minimal distortion steganography[C]//IH 2006:Proceedings of the 2006 International Workshop on Information Hiding, LNCS 4437. Berlin:Springer, 2006:314-327.
[26] WANG C, NI J. An efficient JPEG steganographic scheme based on the block entropy of DCT coefficients[C]//Proceedings of the 2012 IEEE International Conference on Acoustics, Speech and Signal Processing. Piscataway, NJ:IEEE, 2012:1785-1788.
[27] HUANG F, HUANG J, SHI Y-Q. New channel selection rule for JPEG steganography[J]. IEEE Transactions on Information Forensics & Security, 2012, 7(4):1181-1191.
[28] 程森,张卫民,包震坤,等.基于DCT系数大小关系的自适应JPEG隐写[J].武汉大学学报:理学版,2012,58(6):545-550.(CHENG S, ZHANG W M, BAO Z K, et al. Based the Magnitude of DCT Coefficient Adaptive Steganographic Method for JPEG Images[J]. Journal of Wuhan University (Natural Science Edition), 2012, 58(6):545-550.)
[29] COX I J, KILIAN J, LEIGHTON F T, et al. Secure spread spectrum watermarking for multimedia[J]. IEEE Transactions on Image Processing, 1997, 6(12):1673-1687.

基于信息隐藏技术的木马植入方法

Trojan implantation method based on information hiding

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	张萌, 李维华. 用户互动表示下的影响力最大化算法[J]. 计算机应用, 2021, 41(7): 1964-1969.
[2]	孙鹤立, 徐统, 何亮, 贾晓琳. 融合用户历史行为与社交关系的个性化社交事件推荐方法[J]. 计算机应用, 2021, 41(2): 324-329.
[3]	赵旭剑, 王崇伟. 基于图卷积网络的微博新闻故事线抽取方法[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3139-3144.
[4]	李翔锟, 贾彩燕. 融合重叠社区正则化及隐式反馈的协同过滤方法[J]. 计算机应用, 2021, 41(1): 53-59.
[5]	盛俊, 李斌, 陈崚. 基于模块度和标签传递的推荐算法[J]. 计算机应用, 2020, 40(9): 2606-2612.
[6]	李春英, 汤庸, 肖政宏, 李天送. 学术社交网络中的权威学者推荐模型[J]. 计算机应用, 2020, 40(9): 2594-2599.
[7]	杨书新, 梁文, 朱凯丽. 社交网络中对立影响最大化算法[J]. 计算机应用, 2020, 40(7): 1944-1949.
[8]	易东义, 邓根强, 董超雄, 祝苗苗, 吕周平, 朱岁松. 基于图卷积神经网络的医保欺诈检测算法[J]. 计算机应用, 2020, 40(5): 1272-1277.
[9]	冯丽萍, 韩琦, 周志刚, 白增亮. 社交网络影响的不良信息扩散建模及最优控制策略[J]. 计算机应用, 2020, 40(3): 735-739.
[10]	单晓欢, 张志国, 宋宝燕, 任成林. 事件社交网中基于有向标签图及用户反馈的活动推荐方法[J]. 计算机应用, 2020, 40(2): 448-453.
[11]	孙鹤立, 何亮, 何方, 孙苗苗, 贾晓琳. 基于网络嵌入的稀疏子图发现算法[J]. 计算机应用, 2020, 40(10): 2929-2935.
[12]	何昊晨, 张丹红. 基于多维社交关系嵌入的深层图神经网络推荐方法[J]. 计算机应用, 2020, 40(10): 2795-2803.
[13]	郝志峰, 柯妍蓉, 李烁, 蔡瑞初, 温雯, 王丽娟. 基于图编码网络的社交网络节点分类方法[J]. 计算机应用, 2020, 40(1): 188-195.
[14]	邵长城, 陈平华. 融合社交网络和图像内容的兴趣点推荐[J]. 计算机应用, 2019, 39(5): 1261-1268.
[15]	王磊, 任航, 龚凯. 基于多维信任和联合矩阵分解的社会化推荐方法[J]. 计算机应用, 2019, 39(5): 1269-1274.