A New Rootkit Detection System Based on Virtual Machine
(Original Chinese title: 基于虚拟机的Rootkit检测系统; cited by: 4)
Abstract (translated from the Chinese): Kernel-level Rootkits reside in the core layer of the operating system and can tamper with arbitrary data in the kernel address space, posing an enormous threat to system security. Most current virtual-machine-based work on Rootkits focuses on integrity protection and does not detect or identify the Rootkit's attack techniques and methods. Within a virtual machine framework, this paper proposes a new Rootkit detection system, VDR. Through behavior analysis, VDR can effectively identify the location and method of a Rootkit's attack, and updates itself to become immune to further attacks by that Rootkit. Experiments show that VDR performs well both in detecting known Rootkits and in identifying unknown ones, and can quickly report attack information, greatly facilitating system security management.

English abstract as published (OCR errors corrected): Kernel Rootkit runs in the highest system level and can modify all the data of the system, so it causes a great threat to the security of the computer system. At present, facing the Rootkit, most methods based on virtual machine focus on protection of the kernel's integrity and ignore detecting the technology of the Rootkit. Based on virtual machine, a new method is proposed to automatically detect and sort Rootkits. This method, named the VDR system, can detect Rootkits efficiently and tell the difference between kinds of Rootkit, and moreover remembers it to guard against a second attack. The VDR system can provide plentiful information for the system administrator.
Source: Computer Technology and Development (《计算机技术与发展》), 2012, No. 7, pp. 128-131, 135 (5 pages)
Funding: National Natural Science Foundation of China project (60803158)
Keywords: Rootkit; virtual machine; kernel; signature code (original English keywords: Rootkit, virtual machine, kernel, key code)