Abstract
Rootkits provide hiding, communication and monitoring capabilities, and although they carry the typical characteristics of a Trojan, they pose a serious threat to computer systems. This paper analyses the mainstream hiding techniques used by Rootkits on Windows operating systems in recent years (including DKOM and various kinds of hooks), points out the shortcomings of current single detection methods, and proposes an integrated detection scheme. Experimental results show that the method achieves good detection performance and can detect the behaviour of most current Rootkits.
A Rootkit is a program or a set of programs that an intruder uses to hide their presence on a computer system and to retain access to it. This paper analyses the main concealment techniques of Windows Rootkits, including DKOM and hooks, inside the Windows system, and points out the limitations of single detection methods. An integrated detection method for Rootkits is proposed, and its main idea and implementation steps are presented. Experimental results show that it has a satisfactory detection effect and can detect most Rootkit actions.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core Journals (北大核心)
2009, No. 10, pp. 118-120 (3 pages)
Computer Engineering
Funding
Natural Science Foundation of Jiangxi Province (2007GZS1054)
East China Jiaotong University Research Fund (07JC03)
Jiangxi Provincial Department of Education Fund (GJJ08256)