
Analysis of Windows Rootkit Implementation and Detection Techniques (cited by: 3)

Research on designing and detecting technology of Rootkit
Abstract: A rootkit is a collection of programs that malware uses to hide itself and other specified resources and activities. Based on how Windows rootkits start, this paper classifies them into two types: those that start before the operating system and those that start along with it. It analyzes in detail the startup methods, implementation principles, and hiding techniques of both types of Windows rootkit, and examines in depth the principles behind existing detection methods.
Author: Liang Bing (梁冰)
Source: Electronics World (《电子世界》), 2013, No. 9, pp. 13-15 (3 pages)
Keywords: Rootkit; host process; BIOS Rootkit; MBR Rootkit; vshost.exe; MBR Bootkit

