Journal of University of Electronic Science and Technology of China, Issue (4): 585-590, 6. DOI: 10.3969/j.issn.1001-0548.2014.04.020
Automatic Detection and Protection System to Ensure Kernel Integrity
Abstract
Kernel-level rootkits pose a fatal threat to kernel integrity, so the detection of and protection against kernel-level rootkits has become a hot topic. However, existing efforts have a drawback: they focus either on rootkit protection or on rootkit detection, without combining the two to ensure kernel integrity. In view of this, this paper designs a complete automatic interactive mechanism based on the detection of and protection against kernel-level rootkits, forming an integrated detection and protection system (ADPos) to guarantee kernel integrity. The experiments show that the ADPos system can automatically detect and protect kernel integrity without sacrificing system performance. Moreover, the system is compatible with a variety of operating systems and defends against zero-day attacks.
Key words
ADPos/detection mode/interactive mechanism/kernel integrity/protection mode/rootkits
Classification
Information Technology and Security Science
Cite this article
HE Jin, FAN Mingyu, WANG Guangwei. Automatic Detection and Protection System to Ensure Kernel Integrity [J]. Journal of University of Electronic Science and Technology of China, 2014, (4): 585-590, 6.
Funding
National 863 Key Project (2009AA01Z435, 2009AA01Z403); National Natural Science Foundation of China (60373109, 60272091)