Research and Development of Rootkit
Abstract: A Rootkit is malicious code that resides persistently and inconspicuously in a networked system. By modifying the operating system kernel or altering the instruction execution path, it gives an attacker the ability to hide itself, maintain access, and eavesdrop through software, and it has already caused serious threats to network security. This paper first introduces the basic definition and evolution of Rootkits; next it analyzes the Windows kernel components closely related to Rootkits and the working mechanisms of Rootkits; it then discusses Rootkit defense mechanisms and detection methods; finally it explores the development trends of Rootkits and further research directions for Rootkit defense.