Abstract
Kernel-level rootkits reside in the core layer of the operating system and can tamper with arbitrary data in the kernel address space, posing an enormous threat to system security. Current virtual-machine-based approaches to rootkits mostly focus on integrity protection and do not detect or identify the attack techniques and methods used by rootkits. Within a virtual machine framework, this paper proposes a new rootkit detection system, VDR. Through behavior analysis, VDR can effectively identify the location and method of a rootkit's attack and update itself to become immune to repeated attacks by that rootkit. Experiments show that VDR performs well both in detecting known rootkits and in identifying unknown ones, quickly produces attack information, and greatly facilitates system security management.
A kernel Rootkit runs at the highest system level and can modify all the data of the system, so it poses a great threat to the security of the computer system. At present, facing Rootkits, most methods based on virtual machines focus on protecting the kernel's integrity and ignore detecting the techniques of the Rootkit. Based on a virtual machine, this paper proposes a new method to automatically detect and sort Rootkits. This method, named the VDR system, can detect Rootkits efficiently and tell the difference between kinds of Rootkits; moreover, it remembers them to guard against a second attack. The VDR system can provide plentiful information for the system administrator.
Source
《计算机技术与发展》
2012, Issue 7, pp. 128-131, 135 (5 pages in total)
Computer Technology and Development
Funding
Supported by the National Natural Science Foundation of China (60803158)