With the rapid development of computer technology and the rising level of informatization, the increasing number of malicious attacks on computer systems leads to the disclosure of private information. Information security has therefore gradually become a focus of attention. A Rootkit is a virus based on the computer kernel that can acquire the supreme privilege of a superuser and hide its own tampering traces. At present, most research on Rootkits focuses on one kind of BIOS or one kind of hardware environment. This thesis studies a Rootkit versatility detection method for heterogeneous BIOS environments. The main work of this thesis is as follows:

(1) Rootkit samples based on different BIOS environments are selected in order to analyze the locations they modify and to summarize their operation processes in the BIOS kernel environments. Combining the Trojan theory model with the Rootkit model based on collaborative hidden features, an improved Rootkit formal model based on collaborative hidden features is proposed. The model emphasizes the impact on Rootkit subroutines hidden in kernel modules.

(2) Using the idea of trusted computing, a Rootkit formal detection model for heterogeneous BIOS environments is established. In this model, the detection results of the former part affect the detection accuracy of the latter part, which avoids the influence of the collaborative hiding feature on the detection method.

(3) By analyzing the construction basis and the trusted metric root of the detection method based on trusted computing, a Rootkit versatility detection method based on trusted computing is proposed. According to the analysis results of multiple Rootkit samples, three trusted chains are established and different detection algorithms are proposed to ensure the security of the system startup process. The Rootkit versatility detection method based on trusted computing is verified in a configured virtual machine experimental environment. The experimental data show that the detection method can accurately detect the locations modified by the Rootkit in the heterogeneous BIOS environments.