Rootkit Research Based On Windows NT6.x’s Security Characteristics

Posted on: 2013-03-28
Degree: Master
Type: Thesis
Country: China
Candidate: B C Li
Full Text: PDF
GTID: 2248330395452848
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, network security issues have become increasingly prominent. Microsoft has released its newest operating system in order to continuously enhance its self-protection against a variety of attacks. Meanwhile, malware authors also manage to find vulnerabilities in the security features of the newly released operating system in order to attack it.

Rootkit technology is a group of backdoor tools of Trojan horses that can be used to modify the existing operating system to help attackers disguise themselves and gain access to the operating system. However, a Rootkit itself is not malevolent. For example, some legitimate software with advanced features, such as antivirus software, has used Rootkit techniques to stay at the bottom of the operating system in order to find more malware attacks. Rootkit technology becomes malevolent when it is used by malware such as viruses and Trojans.

Among the operating systems released by Microsoft Corporation, Windows XP is the most popular and widespread version. It is also the main target of malware. The newly released NT6.x operating system series has adopted new security features, such as User Account Control and Driver Digital Signature, which have made some attack methods invalid. At the same time, many new attack methods have been produced. The key point of my thesis is the survival environment and detection methods of traditional Rootkits on the new, more secure NT6.x platform.

Finally, a Rootkit detection tool is designed for the Windows NT6.x platform. The implementation details of the system design and its pivotal modules are presented. A series of unit tests and module tests are performed. The test results show that the detection tool is able to detect the comparatively popular Rootkits on the Windows NT6.x platform. Compared with the detection tool XurTr, our detection tool has shown more stability and more powerful detection ability.
Keywords/Search Tags: Rootkit, Malware, Windows NT6.x, Driver Digital Signature, System Security