| Windows系统Rootkit隐藏技术研究与实践 |
| |
| 引用本文: | 康治平,向宏,胡海波.Windows系统Rootkit隐藏技术研究与实践[J].计算机工程与设计,2007,28(14):3337-3340,3343. |
| |
| 作者姓名: | 康治平 向宏 胡海波 |
| |
| 作者单位: | 重庆大学,软件学院,重庆,400044 |
| |
| 基金项目: | 国家电子政务信息安全保障试点工作基金 |
| |
| 摘 要: | Rootkit是一组后门工具的集合,是特洛伊木马发展的高级阶段,其在特洛伊木马众多类别中危害性最大.深入研究Rootkit技术,做到网络攻防知己知彼,对防范木马攻击,减少网络破坏,保护重要信息系统有重要意义.通过研究Windows环境中Rootkit的隐藏技术,结合协同隐藏思想,提出了Rootkit的形式化模型,并在此基础上开发了一个Windows系统下的Rootkit原型.实验结果表明,该原型达到了较好的隐藏效果,可以避开目前大多数检测工具的检测.
|
| 关 键 词: | 特洛伊木马 隐藏技术 协同隐藏 形式化模型 网络安全 Windows 信息系统 Rootkit 技术研究 实践 technology practice 检测工具 开目 效果 结果 实验 原型 开发 形式化模型 思想 协同隐藏 结合 隐藏技术 环境 |
| 文章编号: | 1000-7024(2007)14-3337-04 |
| 修稿时间: | 2006-07-28 |
Research and practice on concealing technology of Windows' Rootkit |
| |
| KANG Zhi-ping,XIANG Hong,HU Hai-bo.Research and practice on concealing technology of Windows'''' Rootkit[J].Computer Engineering and Design,2007,28(14):3337-3340,3343. |
| |
| Authors: | KANG Zhi-ping XIANG Hong HU Hai-bo |
| |
| Affiliation: | School of Soft-ware Engineering, Chongqing University, Chongqing 400044, China |
| |
| Abstract: | Rootkit is a collection of tools that allows a hacker to provide a backdoor into a system,collect information on other systems on the network,mask the fact that the system is compromised,and much more.It makes more damage to computer information resources in the network,compared with the usual Trojan horse.Researching Rootkit is significant to defend Trojan horse attacking,reduce the loss of network,and protect the kernel information system.Based on the study of the concealing technology of Rootkit on Windows system,it presents an idea of cooperative concealment between Rootkit's components,and also gives its formal model.Finally,a Rootkit prototype on the windows is proposed.The experiment shows that it owns a satisfied concealing,and can avoid most of current real-time detection. |
| |
| Keywords: | trojan horse concealing technology cooperative concealment formal model network security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
