反rootkit内核完整性检测与恢复技术

2011 International Conference on Network Computing and Information Security Pub Date : 2011-05-14 DOI:10.1109/NCIS.2011.62

Yongqiang Zhang, Hai Bi

{"title":"反rootkit内核完整性检测与恢复技术","authors":"Yongqiang Zhang, Hai Bi","doi":"10.1109/NCIS.2011.62","DOIUrl":null,"url":null,"abstract":"Aiming at the principles how root kit malicious action by hooking System Service Dispatch Table and utilizing inline function patching, this paper presents a method of integrity detection and restoration based on kernel file, which is proved to ensure correct implementation of the kernel function.","PeriodicalId":215517,"journal":{"name":"2011 International Conference on Network Computing and Information Security","volume":"72 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Anti-rootkit Technology of Kernel Integrity Detection and Restoration\",\"authors\":\"Yongqiang Zhang, Hai Bi\",\"doi\":\"10.1109/NCIS.2011.62\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Aiming at the principles how root kit malicious action by hooking System Service Dispatch Table and utilizing inline function patching, this paper presents a method of integrity detection and restoration based on kernel file, which is proved to ensure correct implementation of the kernel function.\",\"PeriodicalId\":215517,\"journal\":{\"name\":\"2011 International Conference on Network Computing and Information Security\",\"volume\":\"72 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-05-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 International Conference on Network Computing and Information Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NCIS.2011.62\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 International Conference on Network Computing and Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NCIS.2011.62","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

针对根节点通过挂接系统服务调度表和利用内联函数补丁来检测恶意行为的原理，提出了一种基于内核文件的完整性检测和恢复方法，并证明了该方法能够保证内核功能的正确实现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Anti-rootkit Technology of Kernel Integrity Detection and Restoration

Aiming at the principles how root kit malicious action by hooking System Service Dispatch Table and utilizing inline function patching, this paper presents a method of integrity detection and restoration based on kernel file, which is proved to ensure correct implementation of the kernel function.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 International Conference on Network Computing and Information Security

自引率

0.00%

发文量