| Windows操作系统下内核级Rootkitss隐蔽技术研究 |
| |
| 引用本文: | 丁亮,谢余强,舒辉. Windows操作系统下内核级Rootkitss隐蔽技术研究[J]. 计算机工程与设计, 2006, 27(19): 3616-3618,3685 |
| |
| 作者姓名: | 丁亮 谢余强 舒辉 |
| |
| 作者单位: | 解放军信息工程大学,信息工程学院计算机科学系,河南,郑州,450002;解放军信息工程大学,信息工程学院计算机科学系,河南,郑州,450002;解放军信息工程大学,信息工程学院计算机科学系,河南,郑州,450002 |
| |
| 摘 要: | Rootkitss的主要作用是在隐藏自身的前提下以管理员的权限来实现对目标主机的控制.随着对内核机制的深入研究,内核级Rootkits的技术也得到了全面、深入的发展,对其的检测变得非常困难.研究内核级Rootkits的发展,深入分析内核级Rootkits自身隐藏、通信隐藏等隐蔽技术的工作原理及其具体的实现方法,结合最新的Rootkits分析现今应用于Rootkits中的新生关键技术,从而总结这些方法的优缺点,从中找到防范Rootkits的有效方法对于维护计算机安全有着重要的意义.
|
| 关 键 词: | 驱动程序 网络驱动接口 函数钩子 内核结构 隐藏 |
| 文章编号: | 1000-7024(2006)19-3616-03 |
| 收稿时间: | 2006-03-15 |
| 修稿时间: | 2006-03-15 |
Research on covert techniques of kernel-mode Rootkits under Windows |
| |
| DING Liang,XIE Yu-qiang,SHU Hui. Research on covert techniques of kernel-mode Rootkits under Windows[J]. Computer Engineering and Design, 2006, 27(19): 3616-3618,3685 |
| |
| Authors: | DING Liang XIE Yu-qiang SHU Hui |
| |
| Affiliation: | Department of Computer Science, College of Information Engineering, PLA Information Engineering University, Zhengzhou 450002, China |
| |
| Abstract: | Rootkits is mainly used to execute covert control on the host computer under an administrator's competence.The kernel system of Windows being more thoroughly exposed by peoples the kernel-level Rootkits techniques have been being laid on greater emphasis.It is very important to maintaining the security of computers to conduct an in-depth research on the operational mechanism by using kernel-level Rootkits in hiding its traces,and the involved core techniques that are beginning to catch on nowadays.It is very useful to expound the mechanism of the covert operation of mainstream kernel-level Rookit,to analyze some new key techniques employed for application of Rootkits to discuss the specific methods and to put them into practice. |
| |
| Keywords: | driver NDIS hook kernel hide |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
