
Computer Engineering ›› 2009, Vol. 35 ›› Issue (10): 118-120. doi: 10.3969/j.issn.1000-3428.2009.10.039

• Security Technology •

Windows Rootkit Hiding Techniques and an Integrated Detection Method

左黎明,蒋兆峰,汤鹏志   

  1. (School of Basic Science, East China Jiaotong University, Nanchang 330013)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-05-20 Published: 2009-05-20

Concealing Technology of Windows Rootkit and Integrated Detection Method

ZUO Li-ming, JIANG Zhao-feng, TANG Peng-zhi   

  1. (School of Basic Science, East China Jiaotong University, Nanchang 330013)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-05-20 Published: 2009-05-20

Abstract: A Rootkit provides hiding, communication and monitoring functions, yet carries typical Trojan characteristics and poses a serious threat to computer systems. This paper analyses the mainstream hiding techniques used by Rootkits on the Windows operating system in recent years (including DKOM and the various kinds of hooks), points out the shortcomings of current single-method detection, and proposes an integrated detection scheme. Experimental results show that the method achieves good detection performance and can detect the behaviour of most current Rootkits.

Key words: Rootkit technology, System Service Descriptor Table (SSDT), hiding

Abstract: A Rootkit is a program or a set of programs that an intruder uses to hide her presence on a computer system and to retain access to it. This paper analyses the main concealing techniques of Windows Rootkits, including DKOM and hooks inside the Windows system, and points out the limitations of single detection methods. An integrated detection method is proposed to detect Rootkits; its main idea and implementation steps are presented. Experimental results show that it achieves a satisfactory detection effect and can detect most Rootkit actions.

Key words: Rootkit technology, System Service Descriptor Table (SSDT), concealing
