| 基于挂接系统服务调度表的隐藏进程检测技术 |
| |
| 引用本文: | 张清,牟永敏.基于挂接系统服务调度表的隐藏进程检测技术[J].北京机械工业学院学报,2008,23(1):51-53. |
| |
| 作者姓名: | 张清 牟永敏 |
| |
| 作者单位: | 北京信息科技大学计算机学院,北京100192 |
| |
| 摘 要: | 针对恶意软件躲避反恶意软件检测的进程隐藏技术,提出一种基于挂接系统服务调度表的进程检测方法,实现对隐藏进程的有效检测。通过挂接相应系统服务函数,在系统服务函数处理之前进行预处理,从而有效地防止了恶意软件通过拦截系统API函数的方式绕过进程检测。试验结果表明该检测方法是准确有效的。
|
| 关 键 词: | 恶意软件 进程隐藏技术 系统服务调度表(SSDT) 挂接 |
| 文章编号: | 1008-1658(2008)01-0051-03 |
| 修稿时间: | 2008年1月22日 |
Detection of hidden process via hooked SSDT |
| |
| ZHANG Qing,MU Yong-min.Detection of hidden process via hooked SSDT[J].Journal of Beijing Institute of Machinery,2008,23(1):51-53. |
| |
| Authors: | ZHANG Qing MU Yong-min |
| |
| Affiliation: | ZHANG Qing,MU Yong-min (School of Computer Science, Beijing Information Science and Technology University, Beijing 100192, China) |
| |
| Abstract: | A detection method via hooked system service dispatch table (SSDT) is used to detect hidden process in order to overcome the hidden process technology which is used by malicious software to avoid anti-malicious software detecting. By hooking system service function, pretreatment can be used to avoid bypassing by malicious software hooking system API. Test results demonstrate its accuracy and validity. |
| |
| Keywords: | malicious software hidden process system service dispatch table(SSDT) hook |
| 本文献已被 维普 万方数据 等数据库收录! |
