| Rootkit攻防机制与实现方法 |
| |
| 引用本文: | 李馥娟,王群.Rootkit攻防机制与实现方法[J].电信科学,2018,34(12):33-45. |
| |
| 作者姓名: | 李馥娟 王群 |
| |
| 作者单位: | 江苏警官学院计算机信息与网络安全系,江苏 南京 210031 |
| |
| 基金项目: | “十三五”江苏省重点建设学科建设工程资助项目(2016-0838);江苏高校品牌专业建设工程资助项目(PZY2015C203);江苏省第五期“333工程”科研项目资助(BRA2017443);江苏高校哲学社会科学研究基金项目(2018SJA0456) |
| |
| 摘 要: | Rootkit是一类能够攻击系统内核且实现深度隐藏的恶意代码,已对网络安全造成了严重威胁。首先,介绍了Rootkit/Bootkit的基本特征,对比分析了用户模式和内核模式下Rootkit攻击的特点;接着,重点剖析了 Rootkit 攻击涉及的挂钩、DKOM 和虚拟化技术的实现原理及工作机制;最后,结合具体的攻击行为讨论了针对Rootkit攻击的主要检测方法和防御技术。
|
| 关 键 词: | 网络攻防 恶意代码 Rootkit 挂钩攻击 网络安全 |
Mechanism and implementation of Rootkit attack and defense |
| |
| Fujuan LI,Qun WANG.Mechanism and implementation of Rootkit attack and defense[J].Telecommunications Science,2018,34(12):33-45. |
| |
| Authors: | Fujuan LI Qun WANG |
| |
| Affiliation: | Department of Computer Information and Cyber Security,Jiangsu Police Institute,Nanjing 210031,China |
| |
| Abstract: | Rootkit is a set of malicious codes that can attack the system kernel and achieve deep hiding,which has posed serious threats to cyber security.Firstly,the basic features of Rootkit/Bootkit were introduced,and the characteristics of Rootkit attacks in user mode and kernel mode were compared and analyzed.Thereafter,the implementation principles and working mechanisms of Hook,DKOM and virtualization technologies involved in Rootkit attacks were emphatically analyzed.Combined with the specific attack behaviors,the main detection methods and defense techniques for Rootkit attacks were discussed at the end. |
| |
| Keywords: | network attack and defense malware Rootkit hooking attack network security |
|
| 点击此处可从《电信科学》浏览原始摘要信息 |
|
点击此处可从《电信科学》下载全文 |
