Abstract
This paper surveys the hidden-process detection techniques currently common on Windows and proposes a hidden-process detection technique based on hooking system calls (HSC). Using the behavioural characteristics of hidden processes, it intercepts system calls to build a complete process list and uses that list to detect hidden processes; it also proposes an improvement to the technique for resisting RootKit attacks. This method of detecting hidden processes is highly reliable and can find malicious programs on the system that conventional security tools cannot detect.
This article introduces the common hidden-process detection techniques in Windows and presents a hidden-process detection technique based on Hook System Call (HSC). The technique makes use of the behavioural characteristics of hidden processes: it hooks system calls to establish a complete process list and then detects hidden processes against that list. Finally, the detection technique is improved to withstand RootKit attacks. This detection method is more reliable, so it can detect more malware intrusions than general security detection software.
Source
Journal of Computer Applications (《计算机应用》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2008, No. 7, pp. 1772-1775 (4 pages)
Funding
Open Fund of the Beijing Electronic Science and Technology Institute (KFHT200704)
National Natural Science Foundation of China (60373109)