| 基于HSC的进程隐藏检测技术 |
| |
| 引用本文: | 何志,范明钰. 基于HSC的进程隐藏检测技术[J]. 计算机应用, 2008, 28(7): 1772-1775 |
| |
| 作者姓名: | 何志 范明钰 |
| |
| 作者单位: | 电子科技大学,计算机科学与工程学院,成都,610054;电子科技大学,信息安全研究中心,成都,610054 |
| |
| 基金项目: | 北京电子科技学院开放基金 , 国家自然科学基金 |
| |
| 摘 要: | 介绍了目前Windows下常见的进程隐藏检测技术,提出了基于截获系统调用(HSC)的进程隐藏检测技术,利用隐藏进程的行为特征,通过截获系统调用建立完整的进程列表来检测隐藏进程,并针对该技术对抗RootKit的攻击提出了改进。该种隐藏进程的检测方法十分可靠,可以检测出常规安全检测工具不能发现的系统恶意程序。
|
| 关 键 词: | 截获系统调用 进程隐藏 RootKit |
| 收稿时间: | 2008-01-02 |
Research of HSC-based hidden process detection technique |
| |
| HE Zhi,FAN Ming-yu. Research of HSC-based hidden process detection technique[J]. Journal of Computer Applications, 2008, 28(7): 1772-1775 |
| |
| Authors: | HE Zhi FAN Ming-yu |
| |
| Affiliation: | HE Zhi1,2,FAN Ming-yu1,2(1.School of Computer Science , Engineering,University of Electronic Science , Technology of China,Chengdu Sichuan 610054,China,2.Research Center of Information Security,China) |
| |
| Abstract: | This article introduced normal hidden process detection techniques in Windows, and brought forth Hook System Call (HSC) based hidden process detection technique. Finally it improved the detection technique to withstand RootKit's attack. This technique made use of hidden process's action characteristics to hook system call for establishing integrated process list, and then detected hidden process. This detection method is more reliable, so it can detect more malware's intrusions than general security detection softwares. |
| |
| Keywords: | hook system call hidden process RootKit |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
