Abstract:

Through analyzing the characteristics,types and communication mode of the Trojan program,a protection mechanism in kernel level based on NDIS intermediate driver technique on the windows platform is put forward.IP address and port number and the process of captured data packet are analyzed and judged to realize interception of Trojan virus communications and the identification of Trojan process.With the same interception rate of Trojan communications,it is obviously superior to the similar functional anti-Trojan software in the data packet processing speed.

Key words: trojan virus,NDIS driver,ip information,network security,legal process table