A Study on Polymorphic Windows Kernel Mode Rootkit
Chinese title: 變形的WindowsKernelModeRootkit分析研究 (An Analytical Study of the Polymorphic Windows Kernel Mode Rootkit)

Author: Yuh-Chen Chen (陳昱成)
Advisor: Woei-Jiunn Tsaur (曹偉駿)
Degree: Master's thesis (學位論文), Master's Program, Department of Information Management (資訊管理學系碩士班), Da-Yeh University (大葉大學), academic year 96 (ROC calendar, i.e. 2007-2008)
Published: 2008
Length: 45 pages
Language: English (en_US)
Format: Others (degree thesis)
Source collection: NDLTD
Record ID: ndltd-TW-096DYU00396040 (record last updated 2015-11-30T04:02:36Z)
Online Access: http://ndltd.ncl.edu.tw/handle/92312229637569799284

Abstract

More and more malicious programs are combined with rootkits to shield their illegal activities, and the result is a challenge for security products. Most sophisticated kernel mode rootkits carry out their hiding tasks through drivers loaded into the Windows kernel, so a detector that can find Windows drivers hidden by rootkits is becoming extremely important. In this thesis we first develop a new Windows driver-hiding rootkit that uses five tricks based on Direct Kernel Object Manipulation (DKOM), and we verify that it successfully evades well-known rootkit detectors. We then propose a countermeasure that detects it. We believe this work will be useful for improving current techniques for detecting rootkit-hidden Windows drivers.
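The abstract names Direct Kernel Object Manipulation (DKOM) as the basis of the thesis's driver-hiding tricks and says a countermeasure was proposed, but the record gives no details of either. What follows is an added example, not code from the thesis or its author: a user-space C model of the Windows doubly linked LIST_ENTRY list that loaded-module records hang from, the classic DKOM unlink that removes a record from the list without freeing the object, and a cross-view check that recovers the hidden record by comparing the list walk with an independent enumeration of every allocated record. The MODULE_ENTRY layout, the driver names and the array standing in for kernel pool memory are constructed for this example; the real _KLDR_DATA_TABLE_ENTRY has more fields and a layout that varies by Windows version.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Doubly linked list node with the same shape as the kernel's LIST_ENTRY. */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

/* Constructed stand-in for a loaded-driver record (assumed layout, not the
 * real _KLDR_DATA_TABLE_ENTRY). */
typedef struct {
    LIST_ENTRY InLoadOrderLinks;   /* in the kernel this hangs off PsLoadedModuleList */
    char       BaseDllName[32];
    void      *DllBase;
} MODULE_ENTRY;

#define CONTAINING_RECORD(ptr, type, field) \
    ((type *)((char *)(ptr) - offsetof(type, field)))

static void list_init(LIST_ENTRY *head) { head->Flink = head->Blink = head; }

static void list_insert_tail(LIST_ENTRY *head, LIST_ENTRY *e)
{
    e->Flink = head;
    e->Blink = head->Blink;
    head->Blink->Flink = e;
    head->Blink = e;
}

/* DKOM hide: splice the record out of the list but leave the object in memory.
 * Pointing the record's own links at itself keeps a later unlink (e.g. on
 * driver unload) from corrupting the list. */
static void dkom_unlink(LIST_ENTRY *e)
{
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
    e->Flink = e->Blink = e;
}

/* View 1: enumerate by walking the list, as a naive tool or any API built on
 * the list would. Returns the number of records reached. */
static int list_view(LIST_ENTRY *head, MODULE_ENTRY **out, int max)
{
    int n = 0;
    for (LIST_ENTRY *p = head->Flink; p != head && n < max; p = p->Flink)
        out[n++] = CONTAINING_RECORD(p, MODULE_ENTRY, InLoadOrderLinks);
    return n;
}

/* View 2 and the cross-view check: `pool` stands in for an independent source
 * such as a signature scan of pool memory. A record present there but not
 * reachable through the list has been unlinked. Returns the number hidden. */
static int find_hidden(MODULE_ENTRY *pool, int pool_n, LIST_ENTRY *head,
                       MODULE_ENTRY **hidden, int max)
{
    MODULE_ENTRY *seen[64];
    int seen_n = list_view(head, seen, 64);
    int h = 0;
    for (int i = 0; i < pool_n && h < max; i++) {
        int found = 0;
        for (int j = 0; j < seen_n; j++)
            if (seen[j] == &pool[i]) { found = 1; break; }
        if (!found) hidden[h++] = &pool[i];
    }
    return h;
}

/* Constructed scenario: three "drivers" loaded, the second hidden by DKOM. */
static MODULE_ENTRY pool[3];            /* stands in for kernel pool memory */
static LIST_ENTRY   PsLoadedModuleList; /* stands in for the kernel list head */

static void build_scenario(void)
{
    const char *names[3] = { "ntoskrnl.exe", "hidden.sys", "tcpip.sys" };
    list_init(&PsLoadedModuleList);
    for (int i = 0; i < 3; i++) {
        memset(&pool[i], 0, sizeof pool[i]);
        strncpy(pool[i].BaseDllName, names[i], sizeof pool[i].BaseDllName - 1);
        list_insert_tail(&PsLoadedModuleList, &pool[i].InLoadOrderLinks);
    }
    dkom_unlink(&pool[1].InLoadOrderLinks);   /* the rootkit hides its driver */
}

/* Records a list walk reports after the hide (what a naive detector sees). */
static int demo_visible(void)
{
    MODULE_ENTRY *seen[3];
    build_scenario();
    return list_view(&PsLoadedModuleList, seen, 3);
}

/* 1 if the cross-view check reports exactly one hidden record with this name. */
static int demo_hidden_is(const char *expected)
{
    MODULE_ENTRY *hidden[3];
    build_scenario();
    int h = find_hidden(pool, 3, &PsLoadedModuleList, hidden, 3);
    return h == 1 && strcmp(hidden[0]->BaseDllName, expected) == 0;
}

int main(void)
{
    printf("list walk sees %d of 3 records\n", demo_visible());
    printf("cross-view flags hidden.sys: %s\n", demo_hidden_is("hidden.sys") ? "yes" : "no");
    return 0;
}
```

The point of the model is that unlinking changes only the list pointers, so any detector that relies on the same list (or on an API that walks it) inherits the blind spot, while a second view that does not depend on those pointers still sees the object. Real cross-view tools replace the `pool` array with a scan of nonpaged pool for the record's signature or with a comparison against a trusted baseline.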