| 针对插入攻击型Bootkit的分析及检测 |
| |
| 引用本文: | 朱瑜,刘胜利,陈嘉勇,高洪博. 针对插入攻击型Bootkit的分析及检测[J]. 小型微型计算机系统, 2012, 33(7): 1462-1467 |
| |
| 作者姓名: | 朱瑜 刘胜利 陈嘉勇 高洪博 |
| |
| 作者单位: | 1. 解放军信息工程大学网络工程系,郑州,450002
2. 解放军信息工程大学计算机科学与技术系,郑州,450002 |
| |
| 基金项目: | 国家"八六三"高技术研究发展计划项目 |
| |
| 摘 要: | 通过分析Bootkit采用的关键技术,研究目前已有Bootkit样本的工作原理,给出插入攻击型Bootkit形式化描述,建立一个通用的插入攻击型Bootkit模型.针对该模型建立了Bootkit检测模型,并在检测模型基础上提出新的检测算法.新算法不仅能检测目前已有的样本,而且适用于所有符合插入攻击型Bootkit模型的未知Bootkit.最后对该检测算法进行了测试,实验结果表明,提出的算法可对Windows平台上的多款基于NT内核的Bootkit实现有效检测,同时能够确定Bootkit的类型.
|
| 关 键 词: | 信息安全 恶意代码 Rootkit 插入攻击型Bootkit Bootkit检测模型 |
Analysis and Detection to Inserted Attacking Bootkit |
| |
| ZHU Yu , LIU Sheng-li , CHEN Jia-yong , GAO Hong-bo. Analysis and Detection to Inserted Attacking Bootkit[J]. Mini-micro Systems, 2012, 33(7): 1462-1467 |
| |
| Authors: | ZHU Yu LIU Sheng-li CHEN Jia-yong GAO Hong-bo |
| |
| Affiliation: | 1(People′s Liberation Army Information Engineering University,Network Engineering Department,Zhengzhou 450002,China) 2(People′s Liberation Army Information Engineering University,Computer Science and Technology Department,Zhengzhou 450002,China) |
| |
| Abstract: | Some current Bootkit samples are researched.Based on the understanding of their working principle,a common model of inserted attacking Bootkit is established.Furthermore,a Bootkit detection model is set up aimed at the model of inserted attacking Bootkit and a new detection algorithm is proposed.The new algorithm can not only detect existed samples,but also discover unknown Bootkit which is corresponding with the model of inserted attacking Bootkit.The experimental result indicates that the presented algorithm can effectively detect many kinds of Bootkit based on NT kernel which is running in Windows platform. |
| |
| Keywords: | information security malicious code Rootkit inserted attacking Bootkit Bootkit detection model |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
