Kernel rootkits implement and detection
Rootkits, which reside unnoticed on a computer and stealthily carry out remote control and software eavesdropping, are a great threat to network and computer security. It is time to acquaint ourselves with their implementation and detection. This article pays more attention to kernel rootkits, because they are more difficult to write and to identify than userland rootkits. The latest technologies used to write and detect kernel rootkits, along with their advantages and disadvantages, are presented in this article.
Key words: rootkit; kernel rootkits; rootkit detection
CLC number: TP 309