| 基于可执行路径分析的隐藏进程检测方法 |
| |
| 引用本文: | 韩芳.基于可执行路径分析的隐藏进程检测方法[J].计算机与数字工程,2009,37(1):115-117. |
| |
| 作者姓名: | 韩芳 |
| |
| 作者单位: | 三峡大学电气信息学院,宜昌,443002 |
| |
| 摘 要: | 研究了内核模式下进程隐藏的原理和进程隐藏检测技术。在此基础上,提出了一种Windows操作系统内核模式下基于可执行路径分析(EPA)的隐藏进程检测技术。通过检查某些关键系统函数执行时所用的指令个数,来判断这些函数是否执行了多余的代码,从而断定系统被Windows Rootkit修改过了。利用该方法,可以检测出当前常规安全检测工具不能发现的系统恶意程序的进程隐藏。
|
| 关 键 词: | 进程 隐藏 执行 路径 检测 |
Method of Detecting Hidden Process Based on EPA |
| |
| Han Fang.Method of Detecting Hidden Process Based on EPA[J].Computer and Digital Engineering,2009,37(1):115-117. |
| |
| Authors: | Han Fang |
| |
| Affiliation: | The College of Electrical Engineering and Information Technology;China Three Gorges University;Yichang 443002 |
| |
| Abstract: | The principle of hidden process and its detecting technology in the kernel mode has been analyzed.Furthermore,a new method based on Execution Path Analysis technology in the kernel mode of Windows operation system is put forward.The method judges whether more instructions are executed by calculating the number of instructions during the executing process of the function.Then,it gives the conclusion that whether the system is modified by Windows Rootkit or not.The method can be explored for detecting the int... |
| |
| Keywords: | process hide executive path detect |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
