Analysis of the Hiding Behavior of System-Service Rootkits (cited by: 1)

Analyse the Undetectable Behavior of Rootkits on System Services
Abstract: Hooking system services to hide objects such as processes, files, registry keys and ports is the most common way rootkits are implemented. However, many detection methods cannot associate a rootkit with the objects it hides. This paper analyzes the hiding behavior of user-mode and kernel-mode system-service rootkits and builds six models. Building on the detection of system-service rootkits, it proposes a method that analyzes their binary executable code, matches it against the models and identifies the hidden objects, and implements a prototype hiding-behavior analyzer. Experimental results show that this hiding-behavior analysis method can effectively identify the hidden objects. Hooking the system services to hide the presence of objects such as processes, files, registry keys, and open ports is the most popular method of rootkits. But a great deal of rootkit detection methods can't tell the relationship between the rootkits and the hidden objects. Analyzing the undetectable behavior of user-mode or kernel-mode rootkits on system services, six hide models are built. We develop a method to reveal the objects hidden by the rootkits when the rootkits are detected, through analyzing the binary code of the rootkit function and matching the hide models. We implement a prototype of the method. The results of experiments on some famous rootkits demonstrate the effectiveness of the models.
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2008, Issue 6, pp. 103-106 (4 pages)
Funding: 863 Program: Research on Distributed Trusted Computing Systems (2007AA1Z409)
Keywords: Rootkits, System service, Behavior, Control-flow graph, Data-flow graph, Call graph