| 自动探测和保护确保内核完整性 |
| |
| 引用本文: | 何进,范明钰,王光卫.自动探测和保护确保内核完整性[J].电子科技大学学报(自然科学版),2014,43(4):585-590. |
| |
| 作者姓名: | 何进 范明钰 王光卫 |
| |
| 作者单位: | 1.电子科技大学计算机科学与工程学院 611731 |
| |
| 基金项目: | 国家863重点项目(2009AA01Z435,2009AA01Z403);国家自然科学基金(60373109,60272091) |
| |
| 摘 要: | 内核rookits攻击对内核完整性构成致命威胁,因此对内核rootkits探测和防护确保内核完整性是当前研究的热点,然而现有的研究总存在不足:要么侧重内核rootkits防护,要么侧重内核rootkits探测,并未将两者相结合确保内核完整性。鉴于此,本文将探测和保护相结合形成一个自动联动机制,从而构成了基于探测保护的一体化系统ADPos来确保内核完整性。实验表明ADPos系统既能自动全面有效地探测与防护,而且又不牺牲系统性能为代价,并且兼容多种OS系统、同时防零日攻击。
|
| 关 键 词: | ADPos 探测模式 联动 内核完整性 保护模式 rootkits |
| 收稿时间: | 2013-03-21 |
Automatic Detection and Protection System to Ensure Kernel Integrity |
| |
| Affiliation: | 1.School of Computer Science and Engineering,University of Electronic Science and Technology of China Chengdu 611731 |
| |
| Abstract: | Kernel-level rootkits pose a fatal threat to kernel integrity, so kernel-level rootkits detection and protection has become a hot topic. However, there are some drawbacks in these existing efforts: either focusing on rootkits protection, or focusing on rootkits detection, without the combination of both to ensure kernel integrity. In view of this situation, this paper designs a complete automatic interactive mechanism based on the detection and protection of kernel-level rootkits, thus forming an integrated detection and protection system (ADPos) to guarantee kernel integrity. The experiments show that the ADPos system can not only automatically detect and protect kernel integrity, but also does not sacrifice the system performance for the price. Moreover, the system is compatible with a variety of OS systems and against zero-day attacks. |
| |
| Keywords: | |
|
| 点击此处可从《电子科技大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《电子科技大学学报(自然科学版)》下载全文 |
|
