A Study on Polymorphic Windows Kernel Mode Rootkit
| Main Authors: | |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | en_US |
| Published: | 2008 |
| Online Access: | http://ndltd.ncl.edu.tw/handle/92312229637569799284 |
| Summary: | Master's thesis === Da-Yeh University (大葉大學) === Graduate Institute of Information Management === 96 === More and more malicious programs are combined with rootkits to conceal their illegal activities, which poses a challenge to security products. It can be observed that most sophisticated kernel mode rootkits carry out their hiding tasks through drivers in the Windows kernel. Therefore, the role of a detector for Windows driver-hidden rootkits is becoming extremely important. In this thesis, we first develop a new Windows driver-hidden rootkit with five tricks based on Direct Kernel Object Manipulation, and verify that it can successfully evade well-known rootkit detectors. We then propose a countermeasure to detect it. We believe our efforts will be extremely useful for improving current techniques for detecting Windows driver-hidden rootkits. |