CN108337207A - A kind of wooden horse threat detection method based on electromagnetic exposure - Google Patents
A kind of wooden horse threat detection method based on electromagnetic exposure Download PDFInfo
- Publication number
- CN108337207A CN108337207A CN201710037041.1A CN201710037041A CN108337207A CN 108337207 A CN108337207 A CN 108337207A CN 201710037041 A CN201710037041 A CN 201710037041A CN 108337207 A CN108337207 A CN 108337207A
- Authority
- CN
- China
- Prior art keywords
- wooden horse
- radiation
- electromagnetic
- frequency
- detection method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Abstract
The wooden horse threat detection method based on electromagnetic exposure that the invention discloses a kind of, the wooden horse threat detection method based on electromagnetic exposure include the following steps:(1) electromagnetic spectrum for using detection device detection to be used based on radiation wooden horse determines that 4SFK frequency spectrums are to radiate the electromagnetic spectrum of wooden horse and reversely verified;(2) feature of communication is established according to radiation wooden horse, detect the communication channel of radiation wooden horse, to interfere 4SFK carrier waves, increase electromagnetic shielding measure and blocks radiation wooden horse communication, by the wooden horse threat detection method based on electromagnetic exposure effectively prevent radiation wooden horse invasion control, to the safety of national key message infrastructure play deeper into technical guarantee.
Description
Technical field
The present invention relates to technical field of network information safety, more particularly to a kind of wooden horse threat detection based on electromagnetic exposure
Method.
Background technology
Host computer equipment can generate electromagnetism in energization open state, and electromagnetism letter can be established based on electromagnetic exposure hacker
Special radiation wooden horse is implanted in object computer host equipment by road, and by radiating trojan horse program and radiation reception system
Association, form the non-contact invasion control of complete non-physical networking, radiation trojan horse program is implanted into after object computer, and radiation connects
Receipts system receives the signal that radiation trojan horse program is transmitted by object computer electromagnetic leakage, and provides output interface to relaying or note
Recording apparatus.Therefore radiation wooden horse operation principle must be studied, solves a series of detection key technology, such as:Radiation
The efficient modulation algorithm and program of wooden horse, the Weak Signal Processing isostructuralism technology under interference environment, radiation wooden horse selection
Frequency plays more the safety of national key message infrastructure to prevent the implementation of the advanced invasion control technology means of class here
Deep technical guarantee.
Thus, it is desirable to have a kind of wooden horse threat detection method based on electromagnetic exposure can overcome or at least mitigate existing skill
The drawbacks described above of art.
Invention content
The purpose of the present invention is to provide a kind of wooden horse threat detection method based on electromagnetic exposure overcomes or at least subtracts
The drawbacks described above of the light prior art.
In order to achieve the above object, a kind of wooden horse threat detection method based on electromagnetic exposure of the invention includes following step
Suddenly:
(1) electromagnetic spectrum for using detection device detection to be used based on radiation wooden horse determines that 4SFK frequency spectrums are radiation wooden horse
Electromagnetic spectrum and reversely verified;
(2) feature that communication is established according to radiation wooden horse, detects the communication channel of radiation wooden horse, to interfere 4SFK to carry
Wave increases electromagnetic shielding measure and blocks radiation wooden horse communication.
Preferably, the step (1) includes using detection device:Frequency spectrograph, oscillograph, electromagnetic wave darkroom, turntable, control
Computer, antenna, broadband receiver, digital processing system and test computer detection device establish the efficient tune of radiation wooden horse
Relationship between algorithm and key parameter processed, including:The radiation frequency of modulation and the relationship of CPU working environments, percentage modulation data
Transmission rate, individual parameter deviation, and on this basis, the system to radiate wooden horse designs the place with small-signal under interference environment
Reason sets up the simulated environment of radiation wooden horse.
Preferably, the antenna uses wide-bandwidth standards gain whip antenna, to realize the reception of broadband signal;The width
The broadband panoramic receiver with AM, WFM, NFM, SSB and DSB demodulation function is used with receiver.
Preferably, the electromagnetic spectrum that step (1) verifies radiation wooden horse by step in detail below is 4SFK frequency spectrums:
1. with host CPU electromagnetic radiation in the electromagnetic wave darkroom separation net;
2. being received to electromagnetic spectrum using the antenna and broadband receiver;
3. observing and recording the data of the frequency spectrograph and oscillograph;
4. turntable and the analysis for carrying out electromagnetic signal channel using digital processing system;
5. carrying out instruction transmission based on electromagnetic signal channel;
6. row selects the electromagnetic spectrum that can transmit instruction;
Only have 4SKF frequency spectrums can transmission data instruction 7. determining;
8. radiating wooden horse Systematic selection FSK modulation, that is, 4FSK of 4 carrier frequency points.
Preferably, the step (2) receives system detectio using radiation and radiates wooden horse communication channel, and the radiation receives system
System includes:Small-sized reception antenna, highly sensitive broadband receiver, demodulator circuit and signal process part;Small-sized reception day
Line uses wide-bandwidth standards gain whip antenna, and to realize the reception of broadband signal, highly sensitive broadband receiver, which uses, to be had
The broadband panoramic receiver of AM, WFM, NFM, SSB and DSB demodulation function.
Preferably, the step (2) detects radiation wooden horse communication channel by step in detail below:
1. the radiation reception system receives the radiation modulated electromagnetic exposure tunnel of wooden horse by the small-sized reception antenna
Road signal, and receiver Jing Guo the high sensitivity carries out the amplification of signal, frequency conversion and is filtered, and transforms to IF frequency
Signal demodulation is carried out, corresponding object computer data can be got after carrying out Digital Signal Processing;
2. implementing carrying redundant measure to the electromagnetic spectrum of reception;
3. radiating wooden horse uses FSK modulation demodulation modes;
4. determine only have 4SKF frequency spectrums can transmission data instruction, thereby determine that radiation wooden horse use 4SFK frequency spectrums, radiation wood
One section of regular data is sequentially modulated by horse program, and then broadband receiver is scanned, and when scanning is to a certain frequency, is connect
Receipts machine demodulates regular glide music.Close radiation trojan horse program, then glide music disappears, and opens radiation trojan horse program,
Then glide occurs, and is transmitted using 4SKF frequency spectrums to verify radiation wooden horse.
When host computer equipment energization open state generates electromagnetism, electromagnetism letter can be established based on electromagnetic exposure hacker
Special radiation wooden horse is implanted in object computer host equipment by road, and by radiating trojan horse program and radiation reception system
Association, form the non-contact invasion control of complete non-physical networking, or even generate strike destruction, through the invention based on electricity
The wooden horse threat detection method of magnetic leakage can prevent the implementation of such advanced invasion control technology means, to national key message
The safety of infrastructure play deeper into technical guarantee.
Description of the drawings:
Fig. 1 is the method flow schematic diagram of the wooden horse threat detection the present invention is based on electromagnetic exposure.
Fig. 2 is present invention radiation wooden horse 4FSK signal carrier frequency spectrum profiles.
Fig. 3 is the process flow block diagram that radiation signal is transformed to digital signal by the present invention.
Fig. 4 is frame (block) synchronizing signal and data-signal schematic diagram that the present invention demodulates.
Specific implementation mode:
To keep the purpose, technical scheme and advantage that the present invention is implemented clearer, below in conjunction in the embodiment of the present invention
Attached drawing, technical solution in the embodiment of the present invention is further described in more detail.In the accompanying drawings, identical from beginning to end or class
As label indicate same or similar element or element with the same or similar functions.Described embodiment is the present invention
A part of the embodiment, instead of all the embodiments.The embodiments described below with reference to the accompanying drawings are exemplary, it is intended to use
It is of the invention in explaining, and be not considered as limiting the invention.Based on the embodiments of the present invention, ordinary skill people
The every other embodiment that member is obtained without creative efforts, shall fall within the protection scope of the present invention.Under
Face is described in detail the embodiment of the present invention in conjunction with attached drawing.
Included the following steps according to the wooden horse threat detection method based on electromagnetic exposure of a broad embodiment of the invention:
(1) electromagnetic spectrum for using detection device detection to be used based on radiation wooden horse determines that 4SFK frequency spectrums are radiation wooden horse
Electromagnetic spectrum and reversely verified;
(2) feature that communication is established according to radiation wooden horse, detects the communication channel of radiation wooden horse, to interfere 4SFK to carry
Wave increases electromagnetic shielding measure and blocks radiation wooden horse communication.
FSK (Frequency-shift keying) frequency keying is changed using the frequency of carrier wave to transmit digital letter
Breath.It is to go keyed carrier frequency using the discrete characteristics taking value of baseband digital signal to transmit a kind of digital modulation skill of information
Art.Most commonly binary one and 0 double frequency FSK systems are carried with two frequencies.Radiation wooden horse has used 4 frequency points
FSK identifies radiation wooden horse with 4FSK.
As shown in Figure 1, finding out the electromagnetic spectrum used based on radiation wooden horse, the characteristic of communication is established by radiating wooden horse,
Detect radiation wooden horse communication channel, this method is applied widely, discrimination is high.FSK frequency keyings are to utilize carrier wave first
Frequency change and transmit digital information, illustrate that FSK can carry digital information transmission, it is to utilize baseband digital signal
Discrete characteristics taking value goes keyed carrier frequency to transmit a kind of digital modulation technique of information.Pass through the work point to radiating wooden horse
Analysis, detection method find that radiation wooden horse has used the FSK of 4 frequency points, radiation wooden horse are identified using 4FSK, under 4KSF carrier waves
Channel is established to carry out invalid information biography by radiating reception system using the electromagnetic radiation that computer equipment CPU is generated
It is defeated.Therefore the radiation trojan horse program for channel being established based on electromagnetic exposure can be implanted into object computer by electromagnetic signal channel, pass through radiation
Reception system receives radiation trojan horse program, reaches and transmits signal to object computer electromagnetic leakage.It in this way can be to avoid
Radiate the invasion of wooden horse
Wooden horse is radiated using FSK modulation demodulation modes.The selection of modulation system, it is contemplated that radiation wooden horse it is anti-interference,
The factors such as complex environment summarize following two principal elements:Wooden horse is radiated in different modulating frequencies, receiving sensitivity is different,
The modulating frequency for selecting receiving sensitivity relatively high is needed, in favor of the reception of signal;The selection of radiation wooden horse modulation carrier wave is wanted
Ensure that mutual influence is small as far as possible, bandwidth is wide as possible, is realized so that radiation wooden horse receives, improves radiation wooden horse
Efficiency and complexity.
The electromagnetic signal for radiating the radiation of wooden horse system is usually very faint, to realize that radiation signal reception needs wide band high-gain
Antenna, wideband high-sensitivity receiver.
Since the configuration of different computers is different, the frequency speed of the CPU of different model, read or write speed of memory etc.
Can be variant, therefore, the frequency of radiation signal has larger difference, and reception antenna is required to meet in wider bandwidth
Keep certain gain.Receiver is also required to have the function of frequency sweep simultaneously, and realization searches useful in certain frequency range
Radiation signal.
Higher gain may be implemented by whip antenna in detection method in 30-1500MHz frequency ranges.Detection
Method uses high sensitivity, broadband, digital tuning formula scheme to the reception for radiating wooden horse.Swept frequency range is from 1.5MHz-
1500MHz, frequency sweep stepping is up to 2.5kHz, the reachable -93dBm of receiving sensitivity.
As shown in Fig. 2, detection method by radiation signal it is received after, then through AD sampling transformations be digital signal, by one
After the signal processing of series, raw data file is recovered.
As shown in figure 3, digital filtering array mainly completes the filtering of 4FSK modulated signals, by each carrier frequency point respectively into
Row filtering forms 4 channels to separate each carrier frequency point.Digital demodulation is that 4 channel signals are carried out number
Detection, to recover digital baseband signal.Frame (block) synchronizing signal identification module be for extracting the synchronised clock in code stream,
And differentiate file header, data block head mark.The error code in correction data code flow is additionally aided simultaneously.Frame (block) data decode mould
Block is used to baseband digital signal reduction becoming original data file.Frame (block) data error control and error checking module are used
In completing, the synchronous correction of data, frame (block) length is corrected and the functions such as the error checking of data.
Using the method for finding radiation wooden horse communication, it can be found that radiation wooden horse realizes the method for remote data transmission in skill
It is practicable in art, and communication distance can meet 10 meters or more of basic demand.By the radiation wooden horse of discovery, it is based on
The controllable transmission technology of electromagnetic leakage can will specify document (being currently to specify certain WORD document) complete in test target machine
Be transmitted back to local.
Obviously, the above embodiment of the present invention is only intended to clearly illustrate examples made by the present invention, and is not to this
The restriction of the embodiment of invention.It for those of ordinary skill in the art, on the basis of the above description can be with
It makes other variations or changes in different ways.There is no necessity and possibility to exhaust all the enbodiments.And these belong to
It is still in the protection scope of this invention in the obvious changes or variations that the spirit of the present invention is extended out.
Claims (6)
1. a kind of wooden horse threat detection method based on electromagnetic exposure, which is characterized in that include the following steps:
(1) electromagnetic spectrum for using detection device detection to be used based on radiation wooden horse determines that 4SFK frequency spectrums are the electricity for radiating wooden horse
Magnetic frequency spectrum is simultaneously reversely verified;
(2) feature that communication is established according to radiation wooden horse, detects the communication channel of radiation wooden horse, to interfere 4SFK carrier waves, increases
Electromagnetic shielding measure is added to block radiation wooden horse communication.
2. the wooden horse threat detection method according to claim 1 based on electromagnetic exposure, it is characterised in that:The step
(1) include using detection device:Frequency spectrograph, oscillograph, electromagnetic wave darkroom, turntable, control computer, antenna, broadband receiver,
Digital processing system and the detection device of test computer are established between the efficient modulation algorithm and key parameter of radiation wooden horse
Relationship, including:The radiation frequency of modulation and the relationship of CPU working environments, percentage modulation data transmission rate, individual parameter deviation, and
On this basis, the system to radiate wooden horse designs the emulation that radiation wooden horse is set up with the processing of small-signal under interference environment
Environment.
3. according to claim 2 be used for the wooden horse threat detection method based on electromagnetic exposure, it is characterised in that:The day
Line uses wide-bandwidth standards gain whip antenna, to realize the reception of broadband signal;The broadband receiver use with AM,
The broadband panoramic receiver of WFM, NFM, SSB and DSB demodulation function.
4. the wooden horse threat detection method according to claim 2 based on electromagnetic exposure, it is characterised in that:Step (1) is logical
The electromagnetic spectrum for crossing step verification radiation wooden horse in detail below is 4SFK frequency spectrums:
1. with host CPU electromagnetic radiation in the electromagnetic wave darkroom separation net;
2. being received to electromagnetic spectrum using the antenna and broadband receiver;
3. observing and recording the data of the frequency spectrograph and oscillograph;
4. turntable and the analysis for carrying out electromagnetic signal channel using digital processing system;
5. carrying out instruction transmission based on electromagnetic signal channel;
6. row selects the electromagnetic spectrum that can transmit instruction;
Only have 4SKF frequency spectrums can transmission data instruction 7. determining;
8. radiating wooden horse Systematic selection FSK modulation, that is, 4FSK of 4 carrier frequency points.
5. the wooden horse threat detection method according to claim 1 based on electromagnetic exposure, it is characterised in that:The step
(2) it receives system detectio using radiation and radiates wooden horse communication channel, the radiation reception system includes:Small-sized reception antenna, height
Sensitive broadband receiver, demodulator circuit and signal process part;Small-sized reception antenna is whiplike using wide-bandwidth standards gain
Antenna, to realize the reception of broadband signal, highly sensitive broadband receiver, which uses, has AM, WFM, NFM, SSB and DSB demodulation
The broadband panoramic receiver of function.
6. the wooden horse threat detection method according to claim 5 based on electromagnetic exposure, it is characterised in that:The step
(2) radiation wooden horse communication channel is detected by step in detail below:
Believe 1. the radiation reception system receives the modulated electromagnetic exposure tunnel of radiation wooden horse by the small-sized reception antenna
Number, and receiver Jing Guo the high sensitivity carries out the amplification of signal, frequency conversion and is filtered, and transforms to IF frequency progress
Signal demodulates, and corresponding object computer data can be got after carrying out Digital Signal Processing;
2. implementing carrying redundant measure to the electromagnetic spectrum of reception;
3. radiating wooden horse uses FSK modulation demodulation modes;
4. determine only have 4SKF frequency spectrums can transmission data instruction, thereby determine that radiation wooden horse use 4SFK frequency spectrums, radiate wooden horse journey
One section of regular data is sequentially modulated by sequence, and then broadband receiver is scanned, when scanning is to a certain frequency, receiver
Demodulate regular glide music.Radiation trojan horse program is closed, then glide music disappears, and opens radiation trojan horse program, then slides
Sound occurs, and is transmitted using 4SKF frequency spectrums to verify radiation wooden horse.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710037041.1A CN108337207A (en) | 2017-01-19 | 2017-01-19 | A kind of wooden horse threat detection method based on electromagnetic exposure |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710037041.1A CN108337207A (en) | 2017-01-19 | 2017-01-19 | A kind of wooden horse threat detection method based on electromagnetic exposure |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108337207A true CN108337207A (en) | 2018-07-27 |
Family
ID=62922690
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710037041.1A Pending CN108337207A (en) | 2017-01-19 | 2017-01-19 | A kind of wooden horse threat detection method based on electromagnetic exposure |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108337207A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111949988A (en) * | 2020-07-03 | 2020-11-17 | 中国电子科技网络信息安全有限公司 | Active electromagnetic vulnerability detection system and method for physically isolated computer |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060105726A1 (en) * | 2004-11-18 | 2006-05-18 | Tateo Masaki | Leakage electromagnetic wave communication device |
| US20100125915A1 (en) * | 2008-11-17 | 2010-05-20 | International Business Machines Corporation | Secure Computer Architecture |
| CN204945994U (en) * | 2015-08-26 | 2016-01-06 | 黑龙江省康格尔科技有限公司 | A kind of reception of computing machine electromagnetic information leakage and playback system |
| CN105807204A (en) * | 2016-03-08 | 2016-07-27 | 天津大学 | Spectrum refinement-based hardware Trojan detection method |
-
2017
- 2017-01-19 CN CN201710037041.1A patent/CN108337207A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060105726A1 (en) * | 2004-11-18 | 2006-05-18 | Tateo Masaki | Leakage electromagnetic wave communication device |
| US20100125915A1 (en) * | 2008-11-17 | 2010-05-20 | International Business Machines Corporation | Secure Computer Architecture |
| CN204945994U (en) * | 2015-08-26 | 2016-01-06 | 黑龙江省康格尔科技有限公司 | A kind of reception of computing machine electromagnetic information leakage and playback system |
| CN105807204A (en) * | 2016-03-08 | 2016-07-27 | 天津大学 | Spectrum refinement-based hardware Trojan detection method |
Non-Patent Citations (2)
| Title |
|---|
| 张小武: "一种新的电磁泄露隐患", 《计算机安全》 * |
| 杨文翰: "实用化的计算机辐射信息截获技术研究", 《中国博士学位论文全文数据库 基础科学辑》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111949988A (en) * | 2020-07-03 | 2020-11-17 | 中国电子科技网络信息安全有限公司 | Active electromagnetic vulnerability detection system and method for physically isolated computer |
| CN111949988B (en) * | 2020-07-03 | 2022-04-22 | 中国电子科技网络信息安全有限公司 | Active electromagnetic vulnerability detection system and method for physically isolated computer |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Ureten et al. | Wireless security through RF fingerprinting | |
| US7171177B2 (en) | Communication apparatus and method using human body as medium | |
| CN109194365A (en) | A kind of two-dimensional pattern modulation frequency-hopping communication method | |
| US7103086B2 (en) | Frequency hopping data radio | |
| US10243769B2 (en) | Communication apparatus for increasing communication speeds, spectral efficiency and enabling other benefits | |
| CN110381510B (en) | Non-orthogonal multiple access authentication system based on superimposed physical layer authentication label | |
| CN112689972A (en) | Transmission device and transmission method, and reception device and reception method | |
| CN110324830B (en) | Non-orthogonal multiple access authentication system based on time division multiplexing physical layer authentication label | |
| Nicolussi et al. | Aircraft fingerprinting using deep learning | |
| CN108337207A (en) | A kind of wooden horse threat detection method based on electromagnetic exposure | |
| Baldini et al. | Measures to address the lack of portability of the RF fingerprints for radiometric identification | |
| Smailes et al. | Watch this space: Securing satellite communication through resilient transmitter fingerprinting | |
| US20230236279A1 (en) | Systems and methods for detecting unmanned aerial vehicles via radio frequency analysis | |
| CN105337672B (en) | Sound wave transmitting method, sound wave receiving method, sound wave transmitting device, sound wave receiving device and sound wave receiving system | |
| Nika et al. | Toward practical spectrum permits | |
| JP6264937B2 (en) | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD | |
| CN114449500B (en) | Near field communication method, device and chip | |
| Bender | DJI drone IDs are not encrypted | |
| Dai et al. | Magcode: Nfc-enabled barcodes for nfc-disabled smartphones | |
| Gu et al. | Secure data timestamping in synchronization-free lorawan | |
| CN111683363B (en) | Physical layer authentication method and system in spatial modulation system | |
| Zhang et al. | Wi-Fi device identification based on multi-domain physical layer fingerprint | |
| CN103336978B (en) | A kind of RFID label tag radio-frequency fingerprint Verification System | |
| Rudolph | Analyzing Security-related Signals Using Software defined Radio | |
| US11395140B2 (en) | Belief propagation-based physical layer blind authentication method and system for time-varying fading channels |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180727 |