
Study On Bootkit Detection Model Based On Trusted Computing And Neural Network

Posted on: 2011-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: L T Sha
GTID: 2178360305461031
Subject: Information security
Abstract/Summary:
With the development of information technology and the rapid promotion of information construction, information security technology faces unprecedented opportunities and challenges. Network-based malicious attacks, increasingly aimed at obtaining root privilege and confidential information, are intensifying. Against this background, the Rootkit is widely applied as an advanced concealment technique, and research on it is extremely urgent.

This paper proposes a detection model for Bootkit, an advanced form of Rootkit technology whose defining technical feature is modifying kernel modules during the operating system boot process, thereby obtaining root privilege and obscuring its running path. The paper first analyzes the implementation and characteristics of the various kinds of Bootkit, and then proposes a Bootkit detection model based on trusted computing and a neural network. The model can detect the traces of modification that every Bootkit leaves in kernel modules, and can rationally predict unknown Bootkits. The experimental results show that its detection effect is better than that of popular security software.

The main work of this paper is as follows:

(1) A new trusted chain transmission mechanism for the Windows operating system, based on trusted computing, is proposed. In this mechanism, the running modules of the TPM are embedded in the boot process to verify the integrity of kernel modules, and the checksums are stored to detect attacks from Bootkits.

(2) The checksums from detection are abstractly quantified in the construction of the neural network. The final results are used to estimate dynamic creditability. By adjusting the correlative weights, the modification paths of unknown Bootkits are rationally predicted, so that some unknown Bootkits are detected by this model.

(3) The detection results of this model are compared with those of many mainstream security software products; the experimental results show that the proposed detection model has a better effect than the others.
Keywords/Search Tags: Bootkit detection, Rootkit, trusted computing, neural network, kernel modules, creditability, converse analysis