Journal Article Details
Malaysian Journal of Computer Science
CoPDA: Concealed Process and Service Discovery Algorithm to Reveal Rootkit Footprints
K.Muthumanickam1  E.Ilavarasan.E1 
Keywords: Crosscheck; Hidden-process; Rootkit; Windows; Virtualization
DOI  :  
Subject classification: Social Sciences, Humanities and Arts (General)
Source: University of Malaya * Faculty of Computer Science and Information Technology
【 Abstract 】

The current online world is constantly affected by malicious software such as viruses, Trojans, worms, spyware and botnets. When such malicious software integrates with the rootkit technique, it becomes a serious threat to end users. Rootkits themselves do not cause damage to a computer. Instead, they mask their footprints from either antivirus software or anti-rootkit tools to allow a remote attacker to conduct computer crimes for a long time. This property makes malicious code attacks difficult to detect. Traditional techniques that aim to reveal rootkit footprints suffer from false alarm rates and also fail to detect unknown stealthy malicious code attacks. The proposed Concealed Process and Service Discovery Algorithm (CoPDA) introduces a novel cross-view comparison technique that can effectively detect the concealed processes and services of malicious software in the Windows operating system. Compared to existing anti-rootkit detection tools, the experimental results show that CoPDA can be effectively used to discover hidden processes and services and achieved 99.02% detection accuracy, 100% true positive rate and 1.82% false positive rate. Additionally, CoPDA is portable across various operating systems with only negligible tweaking.

【 License 】

Unknown   
