
BIOS Rootkit Detection Technology Based on Cooperation Feature (cited by: 3)
Abstract: This paper studies and analyzes the theory of the framework for modeling trojans and its cooperative concealment model, gives a concrete formal description of the BIOS Rootkit cooperative concealment model, and proposes a BIOS Rootkit detection technique for the Windows environment based on cooperation features. Existing BIOS Rootkit detection techniques can detect an infection but cannot restore the system properly; the proposed method addresses this by searching for signature codes and restoring dynamically. Experimental results show that the detection technique has good reliability, detection efficiency and integrity.
Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the Peking University Core Journals list; 2010, No. 15, pp. 134-136, 139 (4 pages)
Funding: Sichuan Province Youth Science and Technology Fund project (07ZQ026-004)
Keywords: cooperative concealment; BIOS; Rootkit technology; detection



