
Linux Oriented Rootkit Detection Technology Research And Implementation

Posted on: 2019-02-03
Degree: Master
Type: Thesis
Country: China
Candidate: K X Gao
Full Text: PDF
GTID: 2428330566467890
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computers and the Internet, computers and networks have reached millions of households; almost every family now owns at least one. They are closely tied to people's way of life and are more than tools for entertainment and communication: they play an important role in economic and military affairs. Because computers and networks matter so much, their security is becoming ever more important. In recent years especially, with the rapid development of attack techniques, the information-security situation has grown increasingly severe. Linux is widely deployed because of its stability, which has made Rootkit technology on Linux an increasingly important topic in network-security research. This thesis focuses on detection techniques for Rootkits on Linux.

A worker must first sharpen his tools to do good work. The thesis therefore begins with a brief introduction to the Linux background it relies on: the architecture of Linux, user mode versus kernel mode, the executable file format (given as COFF in the original abstract; native Linux binaries use ELF), KVM, and loadable kernel module (LKM) technology. It then surveys the techniques commonly used by Linux Rootkits, such as process hiding, file hiding, port hiding, privilege escalation for ordinary users, and system call hijacking. The underlying principles of these techniques are explained in detail, one of them is implemented, and the implementation is verified; the experimental results show that the Rootkit behaves as designed.

Having established how Linux Rootkits work, the thesis proposes a system for detecting them. The system consists of a file feature and check detection module, a symbolic execution analysis module, a signature library scan detection module, a kernel data structure detection module, and a loaded system detection module. The findings of these modules are combined into a final result, so detection is multidimensional rather than dependent on a single indicator. Each module is introduced separately, covering its principle and implementation process. Finally, an experiment is run on the detection system to verify whether it can detect the presence of a Rootkit; the experimental results show that the detection system is feasible.
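The detection modules above all rest on one idea: a Rootkit that hides a process, module or port does so by filtering a single interface, so the same fact read through a second interface exposes the difference. The following script is an added illustration of that cross-view approach and is not code from the thesis. It compares /proc's process listing with kill(pid, 0) probing, /proc/modules with /sys/module, and /proc/net/tcp with bind() probing; the sample /proc/modules and /proc/net/tcp text embedded in it is constructed, and the module name evil_lkm used in the usage note is a placeholder, not a real module.

```python
"""Cross-view checks for Linux rootkit indicators (added example, not thesis code).

A rootkit hides a process, module or port by filtering one interface, such as
a hooked getdents64 or a filtered /proc/net/tcp read.  Each check compares that
listing with a second view of the same fact and reports what only the second
view contains."""
import errno
import os
import socket

# Constructed sample data (not captured from a real host) for offline use.
SAMPLE_PROC_MODULES = """\
nf_tables 245760 0 - Live 0xffffffffc0a00000
xt_conntrack 16384 1 - Live 0xffffffffc09f0000
"""
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345
   1: 0100007F:8A3C 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 12346
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347
"""
# ---- pure comparison logic (testable offline) ----

def parse_proc_modules(text):
    """Module names from /proc/modules (fields: name size refcnt deps state addr)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}

def parse_local_ports(text, only_listen=False):
    """Local ports from /proc/net/tcp or tcp6 text; st == 0A marks LISTEN."""
    ports = set()
    for line in text.splitlines()[1:]:                     # skip header
        fields = line.split()
        if len(fields) >= 4 and (fields[3] == "0A" or not only_listen):
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def hidden_entries(unfiltered_view, listing):
    """Items the harder-to-hook view knows about that the listing omits."""
    return set(unfiltered_view) - set(listing)

# ---- live collectors (Linux only; run as root for full coverage) ----

def listed_pids():
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def probed_pids(listed):
    """PIDs that kill(pid, 0) confirms exist.  kill() also accepts thread IDs,
    so threads of listed processes are excluded to avoid false positives."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    tids = set()
    for pid in listed:
        try:
            tids.update(int(t) for t in os.listdir(f"/proc/{pid}/task"))
        except OSError:
            pass                                           # exited meanwhile
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass                                           # exists, other user
        if pid in listed or pid not in tids:
            alive.add(pid)
    return alive

def sysfs_modules():
    """Loadable modules known to sysfs; built-ins have no initstate file."""
    return {m for m in os.listdir("/sys/module")
            if os.path.exists(f"/sys/module/{m}/initstate")}

def ports_in_use(ports):
    """Ports where bind() fails with EADDRINUSE: a socket holds the port even
    if /proc/net/tcp does not show it.  SO_REUSEADDR stops TIME_WAIT entries
    from matching; ports below 1024 return EACCES without root and are skipped."""
    busy = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            try:
                s.bind(("0.0.0.0", port))
            except OSError as e:
                if e.errno == errno.EADDRINUSE:
                    busy.add(port)
    return busy

def run_all():
    with open("/proc/modules") as f:
        listed_mods = parse_proc_modules(f.read())
    shown_ports = set()
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as f:
                shown_ports |= parse_local_ports(f.read())  # any state, not only LISTEN
        except OSError:
            pass                                           # no IPv6 on this host
    pids = listed_pids()
    return {"modules": hidden_entries(sysfs_modules(), listed_mods),
            "pids": hidden_entries(probed_pids(pids), pids),
            "ports": hidden_entries(ports_in_use(range(1, 65536)), shown_ports)}

if __name__ == "__main__":
    for kind, hidden in run_all().items():
        print(f"{kind}: {sorted(hidden) or 'nothing hidden'}")
```

Run as root, `python3 crossview.py` prints any hidden modules, PIDs and ports. Offline, `hidden_entries({"nf_tables", "xt_conntrack", "evil_lkm"}, parse_proc_modules(SAMPLE_PROC_MODULES))` returns `{"evil_lkm"}`, the constructed module present in sysfs but unlinked from /proc/modules. The port comparison deliberately uses all local ports from /proc/net/tcp rather than only LISTEN entries, because a connected client socket also makes bind() fail and would otherwise be reported as a hidden listener. None of these checks catches a Rootkit that hooks both views consistently, which is why the thesis combines them with kernel data structure and signature checks.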
Keywords/Search Tags:Linux, Rootkit, system call table, detection