|
|||||
|
|
| 基于差异分析的隐蔽恶意代码检测 | |
| 引用本文: | 曹跃,梁晓,李毅超,何子昂. 基于差异分析的隐蔽恶意代码检测[J]. 中国药品标准, 2008, 0(2): 96-98 |
| 作者姓名: | 曹跃 梁晓 李毅超 何子昂 |
| 作者单位: | 电子科技大学计算机科学与工程学院网络攻防实验室 成都610054 |
| 基金项目: | 国家科技基础条件平台工作基金 |
| 摘 要: | 隐蔽性恶意程序Rootkit通过篡改系统内核代码与指令,导致操作系统返回虚假的关键系统信息,从而逃避管理员和主机型安全工具的检查.通过分析Rootkit技术的实现原理,包括进程、TCP端口、注册表和文件的隐藏技术,提出了基于差异分析的隐藏行为检测技术.该技术将可信任的系统信息与不可信任的系统信息进行比较,从而获得被隐藏的信息.最终实现了相应的原型系统.与特征码扫描法相比,该检测方法检测在未知和变形Rootkit方面具有明显优势. |
| 关 键 词: | 入侵检测 恶意程序 Rootkit 隐蔽 |
Variance Analysis Based Stealthy Malicious Code Detection |
|
| CAO Yue,LIANG Xiao,LI Yi-Chao,HE Zi-Ang. Variance Analysis Based Stealthy Malicious Code Detection[J]. , 2008, 0(2): 96-98 | |
| Authors: | CAO Yue LIANG Xiao LI Yi-Chao HE Zi-Ang |
| Abstract: | Stealthy malicious rootkits evade inspection of administrators and host-based security detection tools by modifying operating system kernel programs and instructions,then bring unreal pivotal information to system and security utilities.With the analysis of the malicious code hidden technology,we present a stealthy malicious code detection technology base on the analysis of the differences.This technology compares the trusty system information with untrusty ones,and regards the differences as hidden information.Finally we establish a trusted cooperation detection model with its prototype.Compared with signature scanning method,our method is demonstrated much superior on detecting unknown and metamorphous rootkits,which gets authentic detection results. |
| Keywords: | Intrusion detection Malware Rootkit Stealth |
| 点击此处可从《中国药品标准》浏览原始摘要信息 | |
| 点击此处可从《中国药品标准》下载全文 | |