| Windows系统下多种Rootkit隐藏方式分析以及探测方法研究 |
| |
| 引用本文: | 张亚航,刘波,韩啸,姜电波,靳远游.Windows系统下多种Rootkit隐藏方式分析以及探测方法研究[J].信息网络安全,2009(5):51-54. |
| |
| 作者姓名: | 张亚航 刘波 韩啸 姜电波 靳远游 |
| |
| 作者单位: | 北京大学软件与微电子学院信息安全系,北京,102600 |
| |
| 摘 要: | 在网络攻防中,系统攻击者最大的障碍,常常是作为系统安全守护者的安全防护软件。本文通过对windows NT操作系统下Rootbt隐藏机制的研究,分别实现了修改进程调度表SSDT、直接修改内核对象DKOM和修改IRP等多种Rootbt实现技术,达到对抗安全软件的目的。本文针对不同的Rootbt实现技术进行了Rootkit检测技术的研究和实现。
|
| 关 键 词: | Windows Rootkit SSDT DKOM IRP 检测技术 |
Research on kinds of RootKit Hiding and Detecting Technology in Windows OS |
| |
| ZHANG Ya-hang,LIU Bo,HAN Xiao,JIANG Dian-bo,JIN Yuan-you.Research on kinds of RootKit Hiding and Detecting Technology in Windows OS[J].Netinfo Security,2009(5):51-54. |
| |
| Authors: | ZHANG Ya-hang LIU Bo HAN Xiao JIANG Dian-bo JIN Yuan-you |
| |
| Affiliation: | ZHANG Ya-hang, LIU Bo, HAN Xiao, JIANG Dian-bo, J1N Yuan-you (Department of lnformation Security, SSM, Peking University, Beijing 102600, China) |
| |
| Abstract: | In the network attack and defense, the attacker's most important enemy is always be the System Security Defense Software. This paper studied kinds of Rootkit hiding technology, practiced some representative Rootkit in some different ways, such as modifying SSDT, DKOM, IRP, to hiding targets. This paper also studied and practiced kinds of Rootkit detecting technology contraposing different Rootkit tech as described above. |
| |
| Keywords: | Windows Rootkit SSDT DKOM IRP |
| 本文献已被 维普 万方数据 等数据库收录! |
|
