| 基于vmem文件的隐藏信息检测研究 |
| |
| 引用本文: | 何祥,周安民,蒲伟,周妍.基于vmem文件的隐藏信息检测研究[J].信息安全与通信保密,2012(10):67-68,71. |
| |
| 作者姓名: | 何祥 周安民 蒲伟 周妍 |
| |
| 作者单位: | 1. 四川大学电子信息学院,四川成都,610065
2. 四川省信息安全测评中心,四川成都,610017 |
| |
| 摘 要: | 针对采用Rootkit技术进行隐藏的恶意程序,文中提出了一种基于虚拟机内外视图交叉比对的恶意程序检测方案来提取其隐藏的信息。该方案通过将虚拟机内部获取的不可信系统信息和虚拟机外部通过vmem文件分析得到的可信系统信息进行交叉比对,发现系统中被Rootkit所隐藏的进程信息,使得Rootkit类型恶意代码检测的有效性得到了保障。
|
| 关 键 词: | 恶意程序 虚拟机 vmem分析 Rootkit技术 交叉视图 |
Analysis on Malware's Hidden Information Detection based onVM's vmem File |
| |
| HE Xiang,ZHOU An-min,PU Wei,ZHOU Yan.Analysis on Malware's Hidden Information Detection based onVM's vmem File[J].China Information Security,2012(10):67-68,71. |
| |
| Authors: | HE Xiang ZHOU An-min PU Wei ZHOU Yan |
| |
| Affiliation: | 1School of Electronics and Information Engineering, Sichuan University, Chengdu Sichuan 610065, China; 2Sichuan Information Technology Security Evaluation Center, Chengdu Sichuan 610017, China) |
| |
| Abstract: | For detection of malware's hidden information with Rootkit, a new scheme based on VM Cross-view comparison is proposed. In this scheme, malwares are analyzed in a virtual machine and the information of the virtual machine is acquired from virtual machine itself and the vmem file in the host machine. By comparing the information, the process information hidden in the malware could thus be found. |
| |
| Keywords: | malware virtual machine vmem analysis Rootkit cross-view |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
