A New Multi-way Rootkit Detection Method

Abstract: Because rootkits use deep hiding techniques, traditional anti-virus detection software built on file-system filtering can hardly detect their presence, and rootkits have become the most intractable threat to the security of information systems. In addition, for reasons such as trade secrecy and development difficulty, published material on rootkit detection techniques and effective tools are still relatively scarce. Based on an analysis of the structure of a rootkit detection system, this paper designs an overall technical scheme for rootkit detection. Test results show that software designed according to this scheme is more effective than other rootkit detection software.

Source: Agriculture Network Information (《农业网络信息》), 2010, No. 6, pp. 37-39, 42 (4 pages)

Funding: Natural Science Foundation of Guangdong Province (No. 9151022501000008); Innovation Fund of Zhongkai University of Agriculture and Engineering (No. 200963)

Keywords: back-door; Rootkit detection; multi-way based