Computer Engineering (计算机工程), 2015, Issue (6): 116-120,5. DOI: 10.3969/j.issn.1000-3428.2015.06.021

Bootkit Detection Method Based on Disk Hidden PE File Searching (original title: 基于磁盘隐藏PE文件搜索的Bootkit检测方法)
Abstract

Bootkits evolved from rootkits and can bypass most security software by loading malicious code during the Windows boot process. This paper uses a formal description to model how malicious operations are hidden and develops the notion of cooperative concealment. Because most Bootkits hide their malicious PE files on disk, a PE matching algorithm is designed and implemented. The algorithm searches the disk for byte sequences with specific patterns in order to find potentially hidden PE files; experiments show that it achieves high detection accuracy on several Bootkit samples.

Keywords

malicious behavior / cooperative concealment / formal description / PE file / static detection

Classification
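The abstract describes the detector only at a high level: scan the disk for byte sequences that have the shape of a PE header. The block below is an added example, not the paper's code, of what such a matcher looks like. It walks a raw byte buffer (a disk image or a run of unallocated sectors, as dumped with dd), treats every "MZ" as a candidate, follows e_lfanew to the "PE\0\0" signature and sanity-checks the COFF header so that stray "MZ" pairs in ordinary data are discarded. The sample "disk image", the decoy header and the threshold values (max_lfanew, the section-count limit) are constructed for this example and are not taken from the paper.

```python
"""Pattern-based search for PE headers in a raw byte buffer (added example)."""
import struct
from dataclasses import dataclass
from typing import List, Optional

MZ = b"MZ"
PE_SIG = b"PE\0\0"

# Machine values from the PE/COFF specification; anything else is rejected.
KNOWN_MACHINES = {0x014C: "i386", 0x8664: "x64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}


@dataclass
class PEHit:
    offset: int         # offset of the 'MZ' signature in the buffer
    machine: str
    num_sections: int
    size_of_image: int  # SizeOfImage from the optional header (0 if absent)
    is_dll: bool


def _parse_candidate(buf: bytes, pos: int, max_lfanew: int) -> Optional[PEHit]:
    """Validate an 'MZ' at pos as a PE header; return None on any mismatch."""
    if pos + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, pos + 0x3C)[0]
    # The DOS header is 0x40 bytes, so the PE signature cannot lie inside it,
    # and a huge e_lfanew almost always means the 'MZ' was random data.
    if e_lfanew < 0x40 or e_lfanew > max_lfanew:
        return None
    pe_off = pos + e_lfanew
    if pe_off + 24 > len(buf) or buf[pe_off:pe_off + 4] != PE_SIG:
        return None
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsections, _ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", buf, pe_off + 4)
    if machine not in KNOWN_MACHINES or not 1 <= nsections <= 96:  # 96 is the loader's limit
        return None
    size_of_image = 0
    opt_off = pe_off + 24
    # SizeOfImage sits at offset 56 of the optional header for both PE32 and PE32+.
    if opt_size >= 60 and opt_off + 60 <= len(buf):
        size_of_image = struct.unpack_from("<I", buf, opt_off + 56)[0]
    return PEHit(pos, KNOWN_MACHINES[machine], nsections, size_of_image,
                 bool(chars & 0x2000))  # IMAGE_FILE_DLL


def find_pe_headers(buf: bytes, max_lfanew: int = 0x1000) -> List[PEHit]:
    """Scan every byte offset, not just sector boundaries, for PE headers."""
    hits: List[PEHit] = []
    pos = buf.find(MZ)
    while pos != -1:
        hit = _parse_candidate(buf, pos, max_lfanew)
        if hit is not None:
            hits.append(hit)
        pos = buf.find(MZ, pos + 1)
    return hits


def build_minimal_pe(machine: int, is_dll: bool, size_of_image: int) -> bytes:
    """Constructed sample: a syntactically valid PE header with no code behind it."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = MZ
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    pe32plus = machine in (0x8664, 0xAA64)
    opt = bytearray(240 if pe32plus else 224)        # optional header sizes
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)  # Magic
    struct.pack_into("<I", opt, 56, size_of_image)
    chars = 0x0002 | (0x2000 if is_dll else 0)       # EXECUTABLE_IMAGE [| DLL]
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, len(opt), chars)
    return bytes(dos) + PE_SIG + coff + bytes(opt)


def constructed_disk_image() -> bytes:
    """Constructed 'disk image': filler, a decoy 'MZ' with no PE signature,
    an x64 EXE at an unaligned offset (1161) and an i386 DLL (offset 2577)."""
    filler = bytes(range(256)) * 4                   # 1024 bytes, contains no 'MZ'
    decoy = MZ + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"NOPE" + b"\0" * 32
    exe = build_minimal_pe(0x8664, is_dll=False, size_of_image=0x5000)
    dll = build_minimal_pe(0x014C, is_dll=True, size_of_image=0x3000)
    return filler + decoy + filler[:37] + exe + filler + dll + filler


if __name__ == "__main__":
    for h in find_pe_headers(constructed_disk_image()):
        kind = "DLL" if h.is_dll else "EXE"
        print(f"0x{h.offset:08x}: {kind} {h.machine}, {h.num_sections} sections, "
              f"SizeOfImage=0x{h.size_of_image:x}")
```

Two practical points follow from the example. First, scanning every byte offset rather than only sector starts is what lets the matcher find a payload tucked into slack space or appended to another file, at the cost of many more false candidates, which is why the e_lfanew, Machine and section-count checks matter. Second, a pattern matcher of this kind only sees PE files stored in the clear; a Bootkit that keeps its payload encrypted or XOR-masked on disk produces no hit, and legitimate executables do, so hits still have to be reconciled against the file system's allocated files before anything is called hidden.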
Information Technology and Security Science

Citation

金戈 (Jin Ge), 薛质 (Xue Zhi), 齐开悦 (Qi Kaiyue). Bootkit Detection Method Based on Disk Hidden PE File Searching [J]. Computer Engineering, 2015, (6): 116-120,5.

Funding

National Natural Science Foundation of China project "Theory, Technology and Empirical Research on Software Reliability and Security in Cloud Computing Environments" (61332010).