
Kernel level Rootkit detection method and system

A detection method and detection system, applied in the field of network security, that addresses problems of existing approaches: they are difficult to implement, port poorly across platforms, and lack universal applicability.

Inactive Publication Date: 2017-04-26
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

Signature-based detection is the simplest method, but it cannot detect unknown rootkits and is not universally applicable. Other detection methods mostly rely on kernel programming, behaviour analysis or virtual execution to detect whether an injected module exists, and only then whether a rootkit is present; these methods are complex, most of them depend on a particular kernel version, and they port poorly across platforms. For a detector who lacks kernel-module programming skills they are difficult to implement, and a great deal of time can be spent without detecting anything.


Embodiment Construction

[0032] The present invention provides a kernel-level Rootkit detection method and system. To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages more obvious and easier to understand, the technical scheme of the present invention is described in further detail below with reference to the accompanying drawings:

[0033] The present invention first provides a kernel-level Rootkit detection method, embodiment 1, as shown in figure 1, including:

[0034] S101: parse the System.map symbol table to obtain static symbol names and symbol types;

[0035] Here, lexical analysis is used to parse the symbol table; the symbol type table is detailed in image 3. System.map is a real file on disk that stores the addresses of the statically compiled functions and variables in the kernel; it is the kernel symbol table of a spec...


Abstract

The invention discloses a kernel-level Rootkit detection method. The method includes: parsing the System.map symbol table and acquiring static symbol names and symbol types; parsing the kallsyms symbol table and acquiring dynamic symbol names, symbol types and the module to which each symbol belongs; and comparing the kallsyms symbol table with the System.map symbol table to determine whether Rootkit behaviour exists in the system. At present, methods for handling an unknown Rootkit detect it through kernel dynamic monitoring or virtual-machine execution analysis; these detection means are complex, require writing a kernel module, work only for kernel versions within a certain range, lack universality, and port poorly across platforms. The method of comparing kernel symbol tables determines and detects a Rootkit from the application layer, is not limited by kernel version, and is both simple and universal.
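As an added worked example of the three steps above (not code from the patent or its assignee), the following Python parses System.map and kallsyms text lexically, measures the KASLR slide from an anchor symbol so that static addresses can be compared relative to it, and reports symbols attributed to loaded modules as well as static symbols whose type or slide-adjusted address disagrees between the two tables. The sample tables, their addresses and the module name `constructed_mod` are constructed for illustration; a defender would review the reported modules against the system's own loaded-module list.

```python
import re
from collections import namedtuple

Sym = namedtuple("Sym", "addr type name module")
# One System.map or /proc/kallsyms line: "<hex address> <type> <name> [module]"
LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)(?:\s+\[(\S+)\])?")

def parse_symbols(text):
    """Lexically parse a symbol table into {name: Sym}; module is None for static symbols."""
    syms = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            addr, typ, name, module = m.groups()
            # Simplification: duplicate names (file-local statics) keep the last entry seen.
            syms[name] = Sym(int(addr, 16), typ, name, module)
    return syms

def compare_symbol_tables(system_map_text, kallsyms_text, anchor="_text"):
    """Return (kaslr_slide, findings); each finding is (kind, symbol, module).
    'module_symbol': added by a module, absent from System.map; 'unknown_static': absent
    from System.map yet attributed to no module; 'mismatch': type or address disagrees."""
    static = parse_symbols(system_map_text)
    dynamic = parse_symbols(kallsyms_text)
    # KASLR shifts the whole kernel image by one offset: measure it from the anchor.
    slide = dynamic[anchor].addr - static[anchor].addr if anchor in static and anchor in dynamic else 0
    findings = []
    for name, d in dynamic.items():
        s = static.get(name)
        if s is None:
            findings.append(("module_symbol" if d.module else "unknown_static", name, d.module))
        elif d.type.lower() != s.type.lower() or d.addr - slide != s.addr:
            findings.append(("mismatch", name, d.module))
    return slide, findings

# Constructed sample tables: illustrative addresses and names, not from a real kernel.
SYSTEM_MAP = """\
ffffffff81000000 T _text
ffffffff811a2c40 T sys_close
ffffffff82400000 D init_task
"""
# Same image slid by 0x10000000 under KASLR, plus two symbols from a module and
# one static symbol reported at an address that no longer matches System.map.
KALLSYMS = """\
ffffffff91000000 T _text
ffffffff911a2d00 T sys_close
ffffffff92400000 D init_task
ffffffffc0123000 t hook_sys_close [constructed_mod]
ffffffffc0123100 T init_module [constructed_mod]
"""
```

On a live system read /proc/kallsyms with enough privilege: when kptr_restrict masks addresses as zeros, every static symbol would be reported as a mismatch.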

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a kernel-level Rootkit detection method and system.

Background technique

[0002] With the rapid development of computer networks, information security has increasingly become one of the major issues of today's society. There is no absolute security, and attack and defence will always be the constant theme of the information security field. Being able to deeply understand and study various attack behaviours is of great reference value for implementing information security better. As an open-source operating system, Linux has always been considered more secure than Windows. However, as distributions become more popular and the number of users grows, the security problems of Linux have also become particularly prominent. Rootkits are a powerful tool for attacking Linux systems: they penetrate deep into the PC, are highly concealed, and problems that...


Application Information

IPC(8): G06F21/56, G06F21/57
CPC: G06F21/56, G06F21/577
Inventor 王辛宇童志明肖新光
Owner HARBIN ANTIY TECH