电信科学 (Telecommunications Science) ›› 2018, Vol. 34 ›› Issue (12): 33-45. doi: 10.11959/j.issn.1000-0801.2018298

• Research and Development •

Rootkit attack and defense mechanisms and implementation methods

Fujuan LI (李馥娟), Qun WANG (王群)

  1. Department of Computer Information and Cyber Security, Jiangsu Police Institute, Nanjing 210031, Jiangsu, China
  • Revised: 2018-12-10 Online: 2018-12-01 Published: 2019-01-02
  • About the authors: Fujuan LI (1974-), female, associate professor at Jiangsu Police Institute; her main research interests include computer network technology and applications, the Internet of Things, and information security. | Qun WANG (1971-), male, Ph.D., professor at Jiangsu Police Institute; his main research interests include network architecture and protocols, cyber-physical systems, and information security.
  • Supported by:
    Key Construction Discipline Construction Project of Jiangsu Province During the 13th Five-Year Plan Period (2016-0838); Jiangsu University Brand Professional Construction Project (PZY2015C203); Jiangsu Province Fifth Phase "333 Project" Scientific Research Project (BRA2017443); Jiangsu University Philosophy and Social Science Research Fund Project (2018SJA0456)

Mechanism and implementation of Rootkit attack and defense

Fujuan LI, Qun WANG

  1. Department of Computer Information and Cyber Security, Jiangsu Police Institute, Nanjing 210031, China
  • Revised: 2018-12-10 Online: 2018-12-01 Published: 2019-01-02
  • Supported by:
    Key Construction Discipline Construction Project of Jiangsu Province During the 13th Five-Year Plan Period (2016-0838); Jiangsu University Brand Professional Construction Project Subsidy Project (PZY2015C203); Jiangsu Province Fifth Phase "333 Project" Scientific Research Project (BRA2017443); Jiangsu University Philosophy and Social Science Research Fund Project (2018SJA0456)

Abstract (Chinese version):

A Rootkit is a class of malicious code that attacks the system kernel and achieves deep concealment, and it has become a serious threat to cyber security. First, the basic features of Rootkits and Bootkits are introduced, and the characteristics of Rootkit attacks in user mode and kernel mode are compared and analyzed. Next, the implementation principles and working mechanisms of the hooking, DKOM, and virtualization techniques used in Rootkit attacks are analyzed in depth. Finally, drawing on specific attack behaviors, the main detection methods and defense techniques against Rootkit attacks are discussed.

Key words: network attack and defense, malicious code, Rootkit, hooking attack, network security

Abstract:

A Rootkit is a set of malicious code that can attack the system kernel and achieve deep hiding, and it has posed serious threats to cyber security. Firstly, the basic features of Rootkits and Bootkits are introduced, and the characteristics of Rootkit attacks in user mode and kernel mode are compared and analyzed. Thereafter, the implementation principles and working mechanisms of the hooking, DKOM, and virtualization technologies involved in Rootkit attacks are analyzed in depth. Finally, combined with specific attack behaviors, the main detection methods and defense techniques for Rootkit attacks are discussed.

Key words: network attack and defense, malware, Rootkit, hooking attack, network security
