Title :
A Windows Rootkit Detection Method Based on Cross-View
Author :
Fu, Desheng ; Zhou, Shu ; Cao, Chenglong
Author_Institution :
Coll. of Comput. & Software, Nanjing Univ. of Inf. Sci. & Technol., Nanjing, China
Abstract :
Starting from the auto-start behavior of rootkits, this paper presents a rootkit detection mechanism based on hidden registry information and designs a Windows rootkit detection method based on cross-view comparison. By comparing the registry information enumerated from kernel mode with that enumerated from user mode, the method finds the registry items hidden by a rootkit and thereby detects the rootkit. Finally, a representative example shows that the method achieves good detection.
Keywords :
operating system kernels; security of data; Windows rootkit detection method; auto start behavior; cross view; hidden registry information; kernel mode; registry information; rootkit detection mechanism; user mode enumeration; Computers; Indexes; Information filters; Kernel;
Conference_Title :
E-Product E-Service and E-Entertainment (ICEEE), 2010 International Conference on
Conference_Location :
Henan
Print_ISBN :
978-1-4244-7159-1
DOI :
10.1109/ICEEE.2010.5660871