
Research And Implementation Of Rootkit Detection System Based On.NT

Posted on: 2014-10-12
Degree: Master
Type: Thesis
Country: China
Candidate: N Luo
Full Text: PDF
GTID: 2268330425968095
Subject: Software engineering
Abstract/Summary:
Because of in-depth Rootkit hiding techniques, traditional antivirus software based on file-system filtering has become hard-pressed to detect their presence at all. Once a trojan horse or virus is built on a Rootkit, the antivirus software fails to detect it. And with the rapid development of Rootkit technology itself, the existing popular Rootkit detection tools have become unable to detect the newest Rootkits (for example FUTo and FHide). Without doubt, the Rootkit has become one of the biggest threats to information system security. At the same time, because of commercial secrecy and similar reasons, public material on Rootkit detection technology is very scarce.

In the volatile-data detection branch of the detection refinement framework, the study discusses the implementation of the process, driver and port detection elements. Process detection integrates the results of five methods using the Multi-way approach; driver detection integrates the results of two methods using the same idea. In the non-volatile-data detection branch, the study discusses the implementation of the file and registry detection elements. Finally, the implementations of the two parts, volatile and non-volatile, are combined to complete the overall detection scheme. Optimising the management of the information produced by the detection process is also discussed, as a way of strengthening control over that data and over the data model used in process analysis.

First, this article analyzes the approach and structure of Rootkit detection systems, and independently designs and implements an integrated Rootkit detection system structure that internally contains a volatile-data detection part and a non-volatile-data detection part. Among them, the volatile-data detection part applies the Multi-way approach. This dissertation also gives the test results of the technical prototype system (named SecRoot Anti-Rootkit) against other popular Rootkit detection tools and then analyzes them. At present, the technical prototype has received the approval of security experts from various countries and has been reported on the front pages of many well-known security websites.
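The abstract says the volatile-data branch integrates five process-enumeration methods (and two driver-enumeration methods) with a "Multi-way" approach, but does not spell out the integration rule. The following is an added illustration, not SecRoot's code: it assumes "Multi-way" means comparing several independent views of the same object set and flagging anything that the user-visible view omits but other views report. The view names, the PIDs and the process names are constructed for the example, and the vote threshold used to suppress snapshot races (a process exiting between two enumerations) is an assumption as well.

```python
"""Multi-way integration of several enumeration views (added example).

Not the SecRoot implementation. Assumes the Multi-way idea is a cross-view
comparison: every view is a mapping object-id -> name, one view is the
user-visible "reference" (what a normal API call returns), and the others are
independent enumeration methods. An id absent from the reference but present
in enough other views is reported as hidden.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class View:
    name: str
    entries: Dict[int, str]  # object id (e.g. PID) -> name reported by this view


@dataclass
class Finding:
    object_id: int
    name: str
    seen_in: List[str]
    missing_from: List[str]
    verdict: str  # "hidden", "unconfirmed" or "inconsistent"


def integrate(reference: View, others: List[View], min_votes: int = 2) -> List[Finding]:
    """Union all views and classify every id that is not seen identically by all.

    - not in reference, in >= min_votes other views  -> "hidden"
    - not in reference, in fewer than min_votes views -> "unconfirmed"
      (single-view sightings are often a race, so they are reported but
      not called hidden until another method confirms them)
    - in reference but missing from some other view   -> "inconsistent"
      (either a view the rootkit tampers with, or an object that went away
      between snapshots; worth a second enumeration pass)
    """
    all_views = [reference] + others
    ids = set()
    for v in all_views:
        ids.update(v.entries)

    findings: List[Finding] = []
    for oid in sorted(ids):
        seen = [v.name for v in all_views if oid in v.entries]
        missing = [v.name for v in all_views if oid not in v.entries]
        name = next(v.entries[oid] for v in all_views if oid in v.entries)
        if oid not in reference.entries:
            verdict = "hidden" if len(seen) >= min_votes else "unconfirmed"
        elif missing:
            verdict = "inconsistent"
        else:
            continue  # agreed on by every view: nothing to report
        findings.append(Finding(oid, name, seen, missing, verdict))
    return findings


def demo() -> List[Finding]:
    """Constructed sample: five views of the process list (names are made up)."""
    base = {4: "System", 316: "smss.exe", 900: "svchost.exe", 1200: "explorer.exe"}
    reference = View("api snapshot", dict(base))
    # PID 1488 is unlinked from the user-visible list but still reachable by
    # the other four methods; PID 2000 appears in a single view only (race);
    # PID 900 exited between the api snapshot and the thread-list walk.
    others = [
        View("id table walk", {**base, 1488: "rk.exe"}),
        View("handle table scan", {**base, 1488: "rk.exe"}),
        View("thread list walk", {4: "System", 316: "smss.exe", 1200: "explorer.exe",
                                  1488: "rk.exe", 2000: "transient.exe"}),
        View("memory scan", {**base, 1488: "rk.exe"}),
    ]
    return integrate(reference, others, min_votes=2)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.verdict:12} pid={f.object_id:<6} {f.name:16} "
              f"seen_in={f.seen_in} missing_from={f.missing_from}")
```

The `min_votes` threshold is the knob that trades false positives for sensitivity: with five methods and a threshold of two, a single unhooked method is enough to expose an unlinked object as long as one more method confirms it, while a process that exits mid-scan only produces an "unconfirmed" or "inconsistent" note rather than a hidden-process alarm.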
Keywords/Search Tags: Rootkit, Antirootkit, SecRoot, Multi-way, FUTo