| Windows下基于交叉视图的Rootkit进程隐藏检测技术 |
| |
| 引用本文: | 李建军,王庆生.Windows下基于交叉视图的Rootkit进程隐藏检测技术[J].电脑开发与应用,2011,24(5):56-57,60. |
| |
| 作者姓名: | 李建军 王庆生 |
| |
| 作者单位: | 太原理工大学计算机科学与技术学院; |
| |
| 摘 要: | 对现有的Windows Rootkit进程隐藏技术进行了研究,提出了基于交叉视图的Rootkit进程隐藏检测技术.该技术通过比较从操作系统的高层和底层获取到的进程列表来检测被Rootkit所隐藏的进程,其中,底层进程列表是通过搜索内存中的内核对象来获得的.实验表明,该技术具有较好的检测效果.
|
| 关 键 词: | Rootkit 进程隐藏 内存搜索 |
Hidden Process Detection Technique of Rootkit Based on Cross-View in Windows |
| |
| Li Jianjun et al.Hidden Process Detection Technique of Rootkit Based on Cross-View in Windows[J].Computer Development & Applications,2011,24(5):56-57,60. |
| |
| Authors: | Li Jianjun |
| |
| Affiliation: | Li Jianjun et al |
| |
| Abstract: | This paper studied the existing hidden process techniques of rootkit in Windows,and then proposed a hidden process detection technique of rootkit based on cross-view.This technique detects hidden process by comparing the process lists attained from operating system high-level and low-level respectively.In particular,the low-level process list is attained by searching the kernel objects in memory.Experiments show that this technique owns satisfied detection effect. |
| |
| Keywords: | rootkit process hiding memory search |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
