摘要
Rootkit是一组后门工具的集合,是特洛伊木马发展的高级阶段,其在特洛伊木马众多类别中危害性最大。深入研究Rootkit技术,做到网络攻防知己知彼,对防范木马攻击,减少网络破坏,保护重要信息系统有重要意义。通过研究Windows环境中Rootkit的隐藏技术,结合协同隐藏思想,提出了Rootkit的形式化模型,并在此基础上开发了一个Windows系统下的Root-kit原型。实验结果表明,该原型达到了较好的隐藏效果,可以避开目前大多数检测工具的检测。
Rootkit is a collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. It makes more damage to computer information resources in the network, compared with the usual Trojan horse. Researching Rootkit is significant to defend Trojan horse attacking, reduce the loss of network, and protect the kernel information system. Based on the study of the concealing technology of Rootkit on Windows system, it presents an idea of cooperative concealment between Rootkit's components, and also gives its formal model. Finally, a Rootkit prototype on the windows is proposed. The experiment shows that it owns a satisfied concealing, and can avoid most of current real-time detection.
出处
《计算机工程与设计》
CSCD
北大核心
2007年第14期3337-3340,3343,共5页
Computer Engineering and Design
基金
国家电子政务信息安全保障试点工作基金项目(200402008)
关键词
特洛伊木马
隐藏技术
协同隐藏
形式化模型
网络安全
trojan horse
concealing technology
cooperative concealment
formal model
network security
