Computer Engineering and Applications, 2016, Vol. 52, Issue 7: 127-131, 5. DOI: 10.3778/j.issn.1002-8331.1509-0167

Rootkit detection mechanism based on Kprobe
Rootkit detection based on Kprobe

Abstract

This paper analyzes the principles of the existing Rootkit detection techniques on Linux systems and proposes a detection technique that uses Kprobe. The method collects information about the objects a Rootkit hides by inserting probe points on critical paths in the low-level kernel, then compares this kernel-level information with the results of user-space audit tools according to the cross-view validation principle to identify the hidden objects. Experiments on several popular Rootkits verify the detection method; the results show that the technique is reliable.
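As an added illustration, not code from the paper, the cross-view comparison step described in the abstract in Python: the kernel-side view is parsed from constructed trace lines in the style of kprobe-event tracing output (the probe symbol, line format and all sample values are assumptions), the audit-tool view from constructed `ps` output, and any PID present in the kernel view but absent from the audit view is reported as hidden.

```python
import re
from typing import Dict

# Constructed sample of kernel-side records, loosely in the style of the
# lines kprobe-event tracing prints: "<comm>-<pid> [cpu] flags ts: probe: (sym+off)".
# The probed symbol "probed_fn" is a placeholder; the paper's actual probe
# points are not reproduced here. PID 1337 is the planted "hidden" process.
KPROBE_TRACE = """\
     bash-1201  [000] d...  512.100001: p_probe: (probed_fn+0x0)
     sshd-842   [001] d...  512.100120: p_probe: (probed_fn+0x0)
 kworker/0:1-77  [000] d...  512.100300: p_probe: (probed_fn+0x0)
  rk_hide-1337  [001] d...  512.100410: p_probe: (probed_fn+0x0)
     bash-1201  [000] d...  512.100550: p_probe: (probed_fn+0x0)
"""

# Constructed output of the audit tool, as `ps -eo pid,comm` would print it.
PS_OUTPUT = """\
  PID COMMAND
    1 systemd
   77 kworker/0:1
  842 sshd
 1201 bash
"""

TRACE_LINE = re.compile(r"^\s*(?P<comm>\S+)-(?P<pid>\d+)\s+\[\d+\]")
PS_LINE = re.compile(r"^\s*(?P<pid>\d+)\s+(?P<comm>\S+)")


def kernel_view(trace: str) -> Dict[int, str]:
    """PIDs observed at the kernel probe point (the low-level view)."""
    seen: Dict[int, str] = {}
    for line in trace.splitlines():
        m = TRACE_LINE.match(line)
        if m:
            seen[int(m.group("pid"))] = m.group("comm")
    return seen


def audit_view(ps_output: str) -> Dict[int, str]:
    """PIDs reported by the user-space audit tool (the high-level view)."""
    seen: Dict[int, str] = {}
    for line in ps_output.splitlines():
        m = PS_LINE.match(line)  # header line has no leading number, skipped
        if m:
            seen[int(m.group("pid"))] = m.group("comm")
    return seen


def cross_view_hidden(kernel: Dict[int, str], audit: Dict[int, str]) -> Dict[int, str]:
    """Cross-view validation: objects the kernel saw but the audit tool did not."""
    return {pid: comm for pid, comm in kernel.items() if pid not in audit}


def detect_hidden_processes() -> Dict[int, str]:
    return cross_view_hidden(kernel_view(KPROBE_TRACE), audit_view(PS_OUTPUT))
```

In a live deployment the two views must be taken at the same moment, since a process that exits between the probe hit and the `ps` run also appears only in the kernel view; filtering such transient PIDs is what keeps the comparison from producing false positives.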
Keywords: Rootkit detection / Kprobe / kernel / audit tool / cross-view validation

Classification: Information technology and security science

Citation: 杨章象, 代祖华, 王博. Rootkit detection mechanism based on Kprobe [J]. Computer Engineering and Applications, 2016, 52(7): 127-131, 5.

Funding: National Natural Science Foundation of China Youth Fund (No. 61202060).