| 基于内核驱动的恶意代码动态检测技术 |
| |
| 引用本文: | 李伟,苏璞睿.基于内核驱动的恶意代码动态检测技术[J].中国科学院研究生院学报,2010,27(5):695-703. |
| |
| 作者姓名: | 李伟 苏璞睿 |
| |
| 作者单位: | 1. 中国科学院研究生院,北京,100049
2. 中国科学院软件研究所,北京,100190 |
| |
| 摘 要: | 通过对Windows下的代码注入方法和Hook技术的详尽分析与研究,提出了一种基于内核驱动的恶意代码动态检测方法. 该方法采用驱动的方式运行于系统内核中,在不影响系统性能的前提下,动态监控系统中所有进程,同时及时准确地向用户报告任何攻击信息,增强了系统的整体安全性. 实验结果表明,该方法在性能和检测方面都达到较好的检测效果.
|
| 关 键 词: | Hook技术 系统服务描述符表 系统服务表 |
| 收稿时间: | 2009-12-24 |
| 修稿时间: | 2010-03-09 |
Detection of the malicious code injection by hooking system calls in kernel mode |
| |
| LI Wei,SU Pu-Rui.Detection of the malicious code injection by hooking system calls in kernel mode[J].Journal of the Graduate School of the Chinese Academy of Sciences,2010,27(5):695-703. |
| |
| Authors: | LI Wei SU Pu-Rui |
| |
| Affiliation: | 1. Graduate University of the Chinese Academy of Sciences, Beijing 100049, China;
2. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China |
| |
| Abstract: | Based on detailed analyses of all the methods about runtime process injection and hooking techniques in Windows operating system, we propose a method for dynamically detecting malicious code using the kernel-mode driver. It is implemented as a driver that is able to dynamically monitor every process, report attacks to the user accurately, and enhance overall system security.The experimental results show that this method achieves satisfactory detection effects in performance and detection. |
| |
| Keywords: | |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《中国科学院研究生院学报》浏览原始摘要信息 |
|
点击此处可从《中国科学院研究生院学报》下载全文 |
|
