Research On Malware Detection And Analysis Technology For Rootkit Behavior

Posted on: 2020-12-28
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Xu
GTID: 2428330572483551
Subject: Communication and Information System
Abstract/Summary:
Rootkit technology plays an important role in the field of information security. When a Trojan horse attacks a target host, Rootkit technology is often used to hide its files, processes and network connections so that it can remain latent in the target system for a long time and evade the host's intrusion detection system. This behavior does great harm to computer users. Preventing this kind of network intrusion against a target host requires in-depth research on Rootkit malicious behavior detection technology. This dissertation is mainly devoted to analyzing the malicious behavior of Rootkits and researching Rootkit detection technology. Traditional static analysis disassembles malicious samples to obtain their static characteristics. However, for malicious samples that use obfuscation, traditional static analysis struggles to meet expectations, which makes acquiring the static features of malicious samples costly. Therefore, this dissertation maps malicious code into a gray image and overcomes the above problem by recognizing image texture. However, traditional image texture analysis is not effective at extracting texture features from the gray-scale images generated from Rootkit malicious code. Therefore, this dissertation proposes a deep learning method for texture analysis of the gray images generated by mapping Rootkit code. Deep learning performs better at image recognition than many other classifiers. The experiments achieved a detection rate of 97.2%, a false alarm rate of 9.4% and an overall accuracy of 92.9%, with an AUC value of 0.983. These are good detection results, and the experimental results show that the expected targets have been achieved.
Keywords/Search Tags:Rootkit, Process hidden, Deep learning, Texture feature, Convolution neural network
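The byte-to-gray-image mapping the abstract describes, together with one hand-crafted texture feature of the kind it contrasts with deep learning, as an added example that is not code from the thesis. The width table, the PGM output and the choice of GLCM contrast are assumptions, since the abstract does not give the thesis's own parameters.

```python
import math

# (max file size in bytes, image width). Assumed thresholds, in the style of
# common malware-image work; the abstract does not give the thesis's values.
WIDTH_BY_SIZE = [(10 << 10, 32), (30 << 10, 64), (60 << 10, 128),
                 (100 << 10, 256), (200 << 10, 384), (500 << 10, 512),
                 (1000 << 10, 768)]

def pick_width(n_bytes):
    for limit, width in WIDTH_BY_SIZE:
        if n_bytes < limit:
            return width
    return 1024

def bytes_to_gray(data, width=None):
    """One byte becomes one pixel (0-255); the last row is zero-padded."""
    if not data:
        raise ValueError("empty sample")
    width = width or pick_width(len(data))
    rows = math.ceil(len(data) / width)
    padded = data + bytes(rows * width - len(data))
    return [list(padded[r * width:(r + 1) * width]) for r in range(rows)]

def to_pgm(image):
    """Serialize as binary PGM (P5), readable by common image tooling."""
    header = f"P5\n{len(image[0])} {len(image)}\n255\n".encode()
    return header + b"".join(bytes(row) for row in image)

def glcm_contrast(image, levels=16):
    """Contrast of the horizontal gray-level co-occurrence matrix,
    i.e. the mean squared difference of quantized neighbouring pixels."""
    step = 256 // levels
    total = count = 0
    for row in image:
        q = [p // step for p in row]
        for a, b in zip(q, q[1:]):
            total += (a - b) ** 2
            count += 1
    return total / count if count else 0.0

# Constructed inputs (not real samples): a zero-filled region and a
# region with byte values that change at every offset.
FLAT = bytes(4096)
VARIED = bytes((i * 37) % 256 for i in range(4096))

if __name__ == "__main__":
    for name, blob in (("flat", FLAT), ("varied", VARIED)):
        img = bytes_to_gray(blob)
        print(name, len(img[0]), "x", len(img), glcm_contrast(img))
```

A single scalar such as GLCM contrast separates only coarse textures, which is the limitation the abstract gives for moving to a convolutional network trained on the image itself.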