Summary:

Degree: Master's
University: 大葉大學
Department: 資訊管理學系碩士班 (Master's Program, Department of Information Management)
Year: 94

Abstract: Although defense mechanisms such as antivirus software, anti-spyware software, hardware and software firewalls of all kinds, and the latest patching tools may prevent a system from being attacked by malicious software, it is still hard to keep pace with every transformation of malicious software. Recently, malicious software built on rootkit technology has been affecting system security and has made the related detection techniques increasingly unsatisfactory and even ineffective.

Rootkits first appeared in the 1990s, and their initial targets were Sun and Linux operating systems. Nowadays over sixty kinds of rootkits exist in cyberspace, which has a great impact on information security. If we want to develop a more efficient and accurate detection technique, we have to understand the development process, technology and characteristics of rootkits so that we can protect our systems from intrusion by rootkit technology in advance. Rootkits can be divided into two types: user mode and kernel mode. The former is easily detected by rootkit detection tools. The latter is difficult to recognize; in particular, a variety of metamorphic rootkits will greatly threaten the overall security of systems. Therefore, this thesis focuses on kernel mode rootkit technology, and further develops a metamorphic Linux kernel mode rootkit that cannot be detected by current rootkit detection software tools. Moreover, we also discuss the corresponding detection method for finding the proposed metamorphic rootkit, so that it can serve as a practical reference for the subsequent development of metamorphic rootkit detection.