Journal of University of Electronic Science and Technology of China
2014, No. 4, pp. 585-590 (6 pages)
Keywords: ADPos; detection mode; interactive mechanism; kernel integrity; protection mode; rootkits
Abstract: Kernel-level rootkits pose a fatal threat to kernel integrity, so detecting and defending against kernel-level rootkits to ensure kernel integrity has become a hot research topic. However, existing efforts have drawbacks: they focus either on rootkit protection or on rootkit detection, without combining the two to ensure kernel integrity. In view of this, this paper combines detection and protection into an automatic interactive mechanism, forming an integrated detection-and-protection system, ADPos, that guarantees kernel integrity. Experiments show that ADPos automatically, comprehensively and effectively detects and protects kernel integrity without sacrificing system performance; moreover, it is compatible with a variety of operating systems and defends against zero-day attacks.