Application Research of Computers (计算机应用研究), 2009, Vol. 26, Issue (8): 3047-3049, 3. DOI: 10.3969/j.issn.1001-3695.2009.08.072
New method of detecting kernel-level Rootkit
Abstract
This paper introduces the basic concept of rootkits and then extends it to kernel-level rootkits. Based on an analysis of how kernel-level rootkits work and of the limitations of other rootkit detection approaches, it proposes a new method. The method analyzes whether suspicious behavior occurs when a kernel module is loaded, and compares against System.map and kmem to determine whether the module is a rootkit. Finally, an experiment demonstrates the effectiveness of the method.
Key words
Rootkit/kernel/detect/security
Classification
Information Technology and Security Science
Cite this article
Liang Shengrong (梁升荣), Fan Mingyu (范明钰), Wang Guangwei (王光卫), Zheng Xiulin (郑秀林). New method of detecting kernel-level Rootkit [J]. Application Research of Computers, 2009, 26(8): 3047-3049, 3.
Funding
National Natural Science Foundation of China (60272091, 60373109)
Development Fund of Beijing Electronic Science and Technology Institute (KFHT200704)