计算机科学

计算机科学 ›› 2016, Vol. 43 ›› Issue (1): 207-210.doi: 10.11896/j.issn.1002-137X.2016.01.046

• 信息安全 • 上一篇    下一篇

基于导入表迁移的PE文件信息隐藏技术研究

田祖伟,李勇帆,刘洋   

  1. 湖南第一师范学院信息科学与工程学院 长沙410205,湖南第一师范学院信息科学与工程学院 长沙410205,湖南第一师范学院信息科学与工程学院 长沙410205
  • 出版日期:2018-12-01 发布日期:2018-12-01
  • 基金资助:
    本文受国家自然科学基金项目(61373132),基础教育信息化技术湖南省重点实验室(2015TP1017),湖南省普通高等学校教学改革研究项目(2012[528]),湖南省大学生研究性学习和创新性实验计划项目(2014[248])资助

Research of PE File Information Hiding Based on Import Table Migration

TIAN Zu-wei, LI Yong-fan and LIU Yang   

  • Online:2018-12-01 Published:2018-12-01

PDF (PC)

535

摘要: 在分析PE文件导入表结构的基础上,利用Windows加载器的工作原理和PE文件导入表存储位置不确定性的特点,提出了一种迁移PE文件导入表并将信息隐藏在PE文件原导入表位置的信息隐藏算法。理论分析与实验结果表明,该算法较好地弥补了传统PE文件信息隐藏算法中隐藏信息过于集中、交换PE文件导入表数据结构元素将破坏隐藏信息的不足,提高了隐蔽性和抗攻击性。

关键词: PE文件,信息隐藏,导入表,导入表迁移

Abstract: On the base of analyzing the import table of PE file,using the work principle of Windows loader and the uncertainty of PE file import table’s storage location,an algorithm based on the import table migration was proposed.Information is hidden in the original import table space of PE file.Theory analysis and experiment result show that the algorithm overcomes the disadvantages of previous hiding information schemes,such as hidden information convergence and destruction of import table,which improves hidden and anti-attack ability.

Key words: PE file,Information hiding,Import table,Import table migration

[1] Petzold C.Windows程序设计(第5版珍藏版)[M].方敏,张胜,梁路平,等译.北京:清华大学出版社,2010:333-382
[2] Zaidan A A,Zaidan B B,Alanazi O H,et al.Novel approach for high (secure and rate) data hidden within triplex space for executable file[J].Scientific Research and Essayss,2010,5(15):1965-1977
[3] Long Fei-yu,Liu Jia-yong,Yuan Xi Software watermark based on structure transform of PE file import table[J].Journal of Computer Applications,2010,0(1):217-219(in Chinese)龙飞宇,刘嘉勇,袁熹.一种变换PE文件引入表结构的软件水印[J].计算机应用,2010,30(1):217-219
[4] Duanmu Qing-feng,Wang Yan-bo,Zhang Xiong-wei, et al.A spread spectrum software watermarking scheme based on the improt functions[J].Journal of Computer Research and Deve-lopment,2009,6(Suppl.):88-92(in Chinese) 端木庆峰,王衍波,张雄伟,等.基于导入函数引用次数的扩频软件水印方案[J].计算机研究与发展,2009,46(Suppl.):88-92
[5] Zhou Qing-lei,Li bin.Double software watermark scheme based on tamper-proofing[J].Computer Engineering,2013,9(7):185-188(in Chinese)周清雷,李斌.基于防篡改的双重软件水印方案[J].计算机工程,2013,39(7):185-188
[6] Zhang Meng,Chen Gou-xi,Zhang Peng-cheng.Executable file backdoor steganographic algorithm with highly efficient[J].Application Research of Computers,2013,0(4):1198-1200(in Chinese)张萌,陈够喜,张鹏程.高效可执行文件后门隐写算法[J].计算机应用研究,2013,30(4):1198-1200
[7] Jang J,Ji H,Hong J M,et al.Protecting Android applications with steganography-based software watermarking[C]∥Proceedings of the 28th Annual ACM Symposium on Applied Computing.Coimbra,2013:1657-1658
[8] Wei Wei-min,Liu Kun,Wan Xiao-peng.High capacity information hiding based on PE file format[J].Journal of Nanjing University of Science and Technology,2015,9(1):45-49(in Chinese)魏为民,刘锟,万晓鹏.PE文件格式的大容量信息隐藏技术[J].南京理工大学学报,2015,9(1):45-49
[9] 刘家超.基于行为分析的未知PE病毒检测技术研究[D].北京:北京邮电大学,2014
[10] Ji Yi-mu,Zhu Tong-hui,Chai Bo-zhou,et al.Hybrid encryption scheme and performance analsysi for user’s privacy in cloud[J].Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition),2015,7(5):631-638(in Chinese)季一木,朱曈晖,柴博周,等.云环境下用户隐私混合加密方案及其性能分析[J].重庆邮电大学学报(自然科学版),2015,27(5):631-638
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发