The Analysis of VMM based Rootkit Detecting Technology and Model  Cited by: 3


Authors: Feng Fan (冯帆)[1], Luo Senlin (罗森林)[1]

Affiliation: [1] Information System and Security Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081

Source: Netinfo Security (《信息网络安全》), 2013, No. 6, pp. 35-39, 89 (6 pages)

Abstract: With the development of computer networks, information security has gradually become one of the main problems facing today's society. Because of their strong stealth, kernel-mode rootkits are widely used in malicious code and seriously compromise the integrity of the operating system kernel. This paper first summarizes the mainstream LKM-based Linux rootkit techniques, then analyzes the principles and architecture of current VMM-based rootkit detection technologies and models, and discusses and compares the "In-VM", "In-VMM" and "In-Host" detection models in terms of effectiveness, practicality and reliability. The "In-VM" model stands out in rootkit detection effectiveness, the "In-Host" model performs better in practicality and reliability, and "In-VMM", as a compromise between the two, is relatively balanced across these characteristics. This analysis of VMM-based rootkit detection technologies and models provides a reference for clarifying research directions in this field and for further research.

Keywords: Rootkit; virtual machine monitor (VMM); detection model; semantic reconstruction; cross-view

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
