基于可信计算和神经网络的R/Bootkit检测

2010 2nd IEEE International Conference on Information Management and Engineering Pub Date : 2010-04-16 DOI:10.1109/ICIME.2010.5478345

Letian Sha, Hong-Xia Wang

{"title":"基于可信计算和神经网络的R/Bootkit检测","authors":"Letian Sha, Hong-Xia Wang","doi":"10.1109/ICIME.2010.5478345","DOIUrl":null,"url":null,"abstract":"There is no standardized definition to characterize R/Bootkit that threatens kernel security of boot process in operating system. Most existing detection techniques attempt to detect the performance of it in the running stage of operating system, rather than protect kernel modules in the boot process. This paper proposes a new trust chain, where the trust root is TPM, which checks all kernel modules from CPU to the application environment, then security of kernel modules can be ensured out of R/Bootkit. In addition, a neural network is designed to identify known and unknown R/Bootkit. The test results show that we can correctly detect illegal modifications for kernel modules.","PeriodicalId":382705,"journal":{"name":"2010 2nd IEEE International Conference on Information Management and Engineering","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"R/Bootkit detection based on trusted computing and neural network\",\"authors\":\"Letian Sha, Hong-Xia Wang\",\"doi\":\"10.1109/ICIME.2010.5478345\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"There is no standardized definition to characterize R/Bootkit that threatens kernel security of boot process in operating system. Most existing detection techniques attempt to detect the performance of it in the running stage of operating system, rather than protect kernel modules in the boot process. This paper proposes a new trust chain, where the trust root is TPM, which checks all kernel modules from CPU to the application environment, then security of kernel modules can be ensured out of R/Bootkit. In addition, a neural network is designed to identify known and unknown R/Bootkit. The test results show that we can correctly detect illegal modifications for kernel modules.\",\"PeriodicalId\":382705,\"journal\":{\"name\":\"2010 2nd IEEE International Conference on Information Management and Engineering\",\"volume\":\"76 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-04-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 2nd IEEE International Conference on Information Management and Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIME.2010.5478345\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 2nd IEEE International Conference on Information Management and Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIME.2010.5478345","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

R/Bootkit对操作系统启动过程的内核安全性构成威胁，目前尚无标准的定义。大多数现有的检测技术都试图在操作系统的运行阶段检测内核模块的性能，而不是在引导过程中保护内核模块。本文提出了一种新的信任链，以TPM为信任根，对从CPU到应用环境的所有内核模块进行检查，从而保证内核模块在R/Bootkit之外的安全性。此外，设计了一个神经网络来识别已知和未知的R/Bootkit。测试结果表明，该方法能够正确检测内核模块的非法修改。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

R/Bootkit detection based on trusted computing and neural network

There is no standardized definition to characterize R/Bootkit that threatens kernel security of boot process in operating system. Most existing detection techniques attempt to detect the performance of it in the running stage of operating system, rather than protect kernel modules in the boot process. This paper proposes a new trust chain, where the trust root is TPM, which checks all kernel modules from CPU to the application environment, then security of kernel modules can be ensured out of R/Bootkit. In addition, a neural network is designed to identify known and unknown R/Bootkit. The test results show that we can correctly detect illegal modifications for kernel modules.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 2nd IEEE International Conference on Information Management and Engineering

自引率

0.00%

发文量