| 基于文件系统过滤驱动的内核Rootkit隐藏技术 |
| |
| 引用本文: | 侯春明,刘林.基于文件系统过滤驱动的内核Rootkit隐藏技术[J].吉首大学学报(自然科学版),2010,31(3):43-46. |
| |
| 作者姓名: | 侯春明 刘林 |
| |
| 作者单位: | (吉首大学物理科学与信息工程学院,湖南 吉首 416000) |
| |
| 摘 要: | Rootkit是能够持久或可靠地、无法检测的存在于计算机上的一组程序和代码.研究了基于文件系统过滤驱动技术的内核Rootkit,阐述了文件系统过滤驱动的工作原理、过滤驱动的实现、基于文件系统过滤驱动的内核Rootkit对文件隐藏的实现,并讨论了针对Rootkit隐藏的检测技术.
|
| 关 键 词: | 文件系统 Rootkit 过滤驱动 隐藏 |
Research on Occultation Techniques of Kernel Rootkit Based on File System Filter Driver |
| |
| HOU Chun-ming,LIU Lin.Research on Occultation Techniques of Kernel Rootkit Based on File System Filter Driver[J].Journal of Jishou University(Natural Science Edition),2010,31(3):43-46. |
| |
| Authors: | HOU Chun-ming LIU Lin |
| |
| Institution: | (College of Physics Science and Information Engineering,Jishou University,Jishou 416000,Hunan China) |
| |
| Abstract: | A Rootkit is a set of programs and code that allows a permanent or consistent,undetectable presence on a computer.Windows kernel Rootkit based on file system filter driver has been researched.The work principle of file system filter driver and the realization of filter driver and occultation techniques of kernel Rootkit based on file system filter driver have been introduced.The techniques of Rootkit detection have been discussed. |
| |
| Keywords: | file system Rootkit filter driver occultation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《吉首大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《吉首大学学报(自然科学版)》下载免费的PDF全文 |
