| 一种基于交叉视图的Windows Rootkit检测方法 |
| |
| 引用本文: | 白光冬,郭耀,陈向群.一种基于交叉视图的Windows Rootkit检测方法[J].计算机科学,2009,36(8):133-137. |
| |
| 作者姓名: | 白光冬 郭耀 陈向群 |
| |
| 作者单位: | 北京大学信息科学技术学院软件研究所高可信软件技术教育部重点实验室,北京,100871 |
| |
| 基金项目: | 国家科技支撑计划,国家高技术研究发展计划(863) |
| |
| 摘 要: | Rootkit被病毒、木马等恶意软件用来隐藏其在被入侵系统上的踪迹,使得它们能够在系统中潜伏较长时间,它的存在给系统及其使用者带来较大的安全隐患.首先对Windows rootkit进行了研究,以此为基础,从rootkit的行为入手,提出了基于进程检测进行rootkit检测的机制,并设计了一种基于交又视图的Windows rootkit检测方法.这种方法通过比较从系统高层和底层获得的进程列袁,从中检测出被rootkit隐藏的进程,其中,系统底层的进程列表通过在Windows内核中查找内核对象的方法获得.最后,利用这种方法实现了一个Windows rootkit检测工具Ⅵ一TAL,并选用若干有代表性的rootkit进行实验,通过和其他工具的对比,验证了这种方法具有较强的检测功能.
|
| 关 键 词: | rootkit检测 隐藏进程 |
| 收稿时间: | 2009/1/16 0:00:00 |
| 修稿时间: | 2009/3/12 0:00:00 |
Windows Rootkit Detection Method Based on Cross-view |
| |
| BAI Guang-dong,GUO Yao,CHEN Xiang-qun.Windows Rootkit Detection Method Based on Cross-view[J].Computer Science,2009,36(8):133-137. |
| |
| Authors: | BAI Guang-dong GUO Yao CHEN Xiang-qun |
| |
| Affiliation: | Key Laboratory of High Confidence Software Technologies;Ministry of Education;China Institute of Software;School of Electronics Engineering and Computer Science;Peking University;Beijing 100871;China |
| |
| Abstract: | Rootkits are often used by attackers to hide their trails in an infected system,so attackers can lurk in an invaded system for a longer time.Rootkits have become new threats to the security of OS.This paper first presented a su-mmary on rootkit and rootkit detection technologies on Windows.Built on the existing techniques,this paper proposed a new rootkit detection method to detect rootkits based on hidden processes.We designed a detection method based on cross-view,which detects hidden process by comparing... |
| |
| Keywords: | rootkit |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
|
