Abstract:
Rootkits, a class of stealthy malicious programs, tamper with operating system kernel code and instructions so that the operating system returns false critical system information, thereby evading inspection by administrators and host-based security tools. By analyzing the implementation principles of rootkit techniques, including the hiding of processes, TCP ports, registry entries and files, this paper proposes a hidden-behavior detection technique based on difference analysis. The technique compares trusted system information with untrusted system information and recovers the hidden information from the differences. A corresponding prototype system was implemented. Compared with signature scanning, this detection method has clear advantages in detecting unknown and metamorphic rootkits. [Author's abstract]
Source:
Computer Science (《计算机科学》), 2008, Vol. 35, No. 2, pp. 96-98
Section information:
Variance Analysis Based Stealthy Malicious Code Detection
CAO Yue, LIANG Xiao, LI Yi-Chao, HE Zi-Ang (Laboratory of Network Attack & Defense, School of Computer Science and Engineering, UEST of China, Chengdu 610054)
Abstract:
Stealthy malicious rootkits evade inspection by administrators and host-based security detection tools by modifying operating system kernel programs and instructions, so that the system and its security utilities are given false critical information. Based on an analysis of the hiding techniques used by malicious code, we present a stealthy malicious code detection technique based on difference analysis. This technique compares trusted system information with untrusted system information and treats the differences as hidden information. Finally, we establish a trusted cooperative detection model and implement its prototype. Compared with signature scanning, our method is shown to be clearly superior at detecting unknown and metamorphic rootkits, and it produces reliable detection results. [Author's abstract]
Key words:
Intrusion detection, Malware, Rootkit, Stealth
Funding:
Supported by the National Science and Technology Infrastructure Platform Fund (2003DIA7J051).
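The difference-analysis ("cross-view") idea stated in both abstracts above, as an added, self-contained illustration that is not the authors' prototype: a trusted view of each object class (standing in for a low-level enumeration, e.g. a walk of kernel structures) is compared with an untrusted view (standing in for what the ordinary API reports), and anything present in the trusted view but absent from the untrusted one is reported as hidden. All listings, PIDs, ports, paths and registry values below are constructed sample data, and the `find_hidden`/`parse_view` helpers are this example's own. The example also handles one failure mode the paper's approach must cope with in practice: an object that legitimately appears or disappears between snapshots would be a false positive, so several untrusted samples taken around the trusted snapshot are combined before the comparison.

```python
"""Cross-view (difference analysis) detection of hidden objects.

Added example, not the paper's code. The "trusted" listings stand in for a
low-level enumeration and the "untrusted" listings for the high-level API;
every listing here is constructed sample data.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Finding:
    category: str   # "process", "port", "file" or "registry"
    key: str        # identifier missing from the untrusted view (lower-cased)
    detail: str     # extra information taken from the trusted view


def parse_view(text):
    """Parse 'key <whitespace> detail' lines into a {key: detail} dict.

    Blank lines and '#' comments are skipped. Keys are lower-cased so that
    case-insensitive names (paths, registry keys, image names) compare equal.
    """
    view = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        view[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return view


def find_hidden(category, trusted, untrusted_samples):
    """Objects the trusted view reports that no untrusted sample reports.

    Several untrusted samples (taken before and after the trusted snapshot)
    are merged first, so an object that merely started or exited between
    snapshots is not mistaken for a hidden one.
    """
    seen = set()
    for sample in untrusted_samples:
        seen.update(sample)
    return sorted(Finding(category, key, detail)
                  for key, detail in trusted.items() if key not in seen)


# --- constructed sample views -------------------------------------------
TRUSTED_PROCESSES = r"""
# pid   image   (stands in for a walk of kernel process structures)
4       System
612     csrss.exe
1340    explorer.exe
2087    example_hidden.exe
3001    calc.exe
"""
UNTRUSTED_PROCESSES_BEFORE = r"""
# pid   image   (process API, sampled before the trusted snapshot)
4       System
612     csrss.exe
1340    explorer.exe
"""
UNTRUSTED_PROCESSES_AFTER = r"""
# process API sampled after the trusted snapshot; calc.exe started meanwhile
4       System
612     csrss.exe
1340    explorer.exe
3001    calc.exe
"""
TRUSTED_PORTS = r"""
tcp/0.0.0.0:135    pid=880
tcp/0.0.0.0:4444   pid=2087
"""
UNTRUSTED_PORTS = r"""
tcp/0.0.0.0:135    pid=880
"""
TRUSTED_FILES = r"""
C:\Windows\System32\drivers\example_hidden.sys   size=24576
C:\Windows\System32\drivers\tcpip.sys            size=983040
"""
UNTRUSTED_FILES = r"""
C:\Windows\System32\drivers\tcpip.sys            size=983040
"""
TRUSTED_REGISTRY = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\example_hidden   C:\Windows\System32\example_hidden.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon           C:\Windows\System32\ctfmon.exe
"""
UNTRUSTED_REGISTRY = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon           C:\Windows\System32\ctfmon.exe
"""

# (category, trusted listing, list of untrusted listings)
VIEWS = [
    ("process", TRUSTED_PROCESSES, [UNTRUSTED_PROCESSES_BEFORE, UNTRUSTED_PROCESSES_AFTER]),
    ("port", TRUSTED_PORTS, [UNTRUSTED_PORTS]),
    ("file", TRUSTED_FILES, [UNTRUSTED_FILES]),
    ("registry", TRUSTED_REGISTRY, [UNTRUSTED_REGISTRY]),
]


def run_all():
    """Run the comparison for every object class on the constructed views."""
    findings = []
    for category, trusted, untrusted in VIEWS:
        findings.extend(find_hidden(category, parse_view(trusted),
                                    [parse_view(u) for u in untrusted]))
    return findings


if __name__ == "__main__":
    for f in run_all():
        print(f"HIDDEN {f.category:<8} {f.key}  ({f.detail})")
```

Running the block reports one hidden object per class (the PID 2087 process, the port it listens on, its driver file and its Run key) and does not report calc.exe, which is absent from the first API sample only because it started later; with a single untrusted sample it would have been flagged as well. The same comparison generalizes to any object class for which a trusted and an untrusted enumeration can be obtained, which is the part of the method that does not depend on a signature of any particular rootkit.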

Academic