| 一种基于交叉视图的Windows Rootkit检测方法 |
| |
| 引用本文: | 傅德胜,曹成龙.一种基于交叉视图的Windows Rootkit检测方法[J].信息技术,2011(6):26-29. |
| |
| 作者姓名: | 傅德胜 曹成龙 |
| |
| 作者单位: | 南京信息工程大学计算机与软件学院,南京,210044 |
| |
| 摘 要: | 针对rootkit采用隐藏注册表达到隐藏自身的目的,从rootkit的自启动行为入手,提出了依据注册表隐藏信息检测rootkit的机制,并设计了一种基于交叉视图的Windows rootkit检测方法。这种方法通过比较从内核态和用户态枚举的注册表信息,从中检测出被rootkit隐藏的注册表项目,继而检测出rootkit。最后,通过一个代表性的实例验证了这种方法具有较好的检测效果。
|
| 关 键 词: | rootkit检测 交叉视图 注册表 用户态 内核态 |
A Windows Rootkit detection method based on cross-view |
| |
| FU De-sheng,CAO Cheng-long.A Windows Rootkit detection method based on cross-view[J].Information Technology,2011(6):26-29. |
| |
| Authors: | FU De-sheng CAO Cheng-long |
| |
| Affiliation: | (School of Computer and Software,Nanjing University of Information Science and Technology,Nanjing 210044,China) |
| |
| Abstract: | Aimed at the problem of rootkit hiding itself by hiding registry information,from the auto-start behavior of rootkit,this paper presented a rootkit detection mechanism based on the hidden registry information,and designed a Windows rootkit detection method based on cross-view.This method by comparing from the kernel mode and user mode enumeration of the registry information found the registry hidden items by rootkit,and then detected the rootkit.Finally,a representative example shows this method has good detection. |
| |
| Keywords: | rootkit detection cross-view registry user mode kernel mode |
| 本文献已被 CNKI 万方数据 等数据库收录! |
