| 基于指令跳转分析的Windows RootKit动态检测技术 |
| |
| 引用本文: | 阮文波,张长河,刘胜利. 基于指令跳转分析的Windows RootKit动态检测技术[J]. 信息工程大学学报, 2007, 8(2): 221-226 |
| |
| 作者姓名: | 阮文波 张长河 刘胜利 |
| |
| 作者单位: | 信息工程大学,信息工程学院,河南,郑州,450002 |
| |
| 摘 要: | RootKit是用来维持黑客对计算机控制,使之无法检测的强力工具。当前传统的RootKit技术都有相对应的检测技术。文章介绍了内核对象内联挂接技术,延伸了现有的代码重定向技术,通过对内核对象调用路径的内联挂接,实现隐藏。现有的RootKit检测技术很难检测这种新型RootKit。因此,文章提出了基于指令跳转分析的动态RootKit检测技术,可以动态检测内核对象内联挂接的RootKit,并且能够指出这些RootKit程序的加载映像。
|
| 关 键 词: | 内联挂接 跳转分析 |
| 文章编号: | 1671-0673(2007)02-0221-06 |
| 修稿时间: | 2007-01-10 |
Dynamic Rootkit Detection Methodology Based on Branch Instruction Analysis |
| |
| RUAN Wen-bo,ZHANG Chang-he,LIU Sheng-]i. Dynamic Rootkit Detection Methodology Based on Branch Instruction Analysis[J]. , 2007, 8(2): 221-226 |
| |
| Authors: | RUAN Wen-bo ZHANG Chang-he LIU Sheng-]i |
| |
| Affiliation: | Institute of Information Engineering, Information Engineering University, Zhengzhou 450002, China |
| |
| Abstract: | RootKit is a set of powerful tools used by hackers to gain the access to the computers and make itself undetectable.This paper introduces a technique named kernel object inline hooking,which extends existing technique of code redirection,hides tracks through inline hooking of kernel object's dispatch routines.Existing detecting methodology of rootkit is difficult to detect this kind of new rootkit.So this paper illustrates a branch instruction analysis based dynamic detecting methodology of rootkit.This methodology could find running rootkit programs dynamically in the system,and point out the loading images of these rootkits. |
| |
| Keywords: | RootKit |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《信息工程大学学报》浏览原始摘要信息 |
|
点击此处可从《信息工程大学学报》下载免费的PDF全文 |
|
