• DocumentCode
    537010
  • Title

    A Windows Rootkit Detection Method Based on Cross-View

  • Author

    Fu, Desheng ; Zhou, Shu ; Cao, Chenglong

  • Author_Institution
    Coll. of Comput. & Software, Nanjing Univ. of Inf. Sci. & Technol., Nanjing, China
  • fYear
    2010
  • fDate
    7-9 Nov. 2010
  • Firstpage
    1
  • Lastpage
    3
  • Abstract
    Starting from the auto-start behavior of rootkits, this paper presents a rootkit detection mechanism based on hidden registry information and designs a Windows rootkit detection method based on cross-view. By comparing the registry information enumerated from kernel mode with that enumerated from user mode, the method finds the registry items hidden by a rootkit and thereby detects the rootkit. Finally, a representative example shows that the method achieves good detection.
  • Keywords
    operating system kernels; security of data; Windows rootkit detection method; auto start behavior; cross view; hidden registry information; kernel mode; registry information; rootkit detection mechanism; user mode enumeration; Computers; Indexes; Information filters; Kernel;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    E-Product E-Service and E-Entertainment (ICEEE), 2010 International Conference on
  • Conference_Location
    Henan
  • Print_ISBN
    978-1-4244-7159-1
  • Type

    conf

  • DOI
    10.1109/ICEEE.2010.5660871
  • Filename
    5660871