References
[1]RUTKOWSKA J.Thoughts About Cross-view Based Rootkit Detection[Z].Retrieved on January,2005.
[2]BUTLER J,ARBAUGH B,PETRONI N.R^2:The Exponential Growth of Rootkit Techniques[EB/OL].(2010-11-21).http://xueshu.baidu.com/s?wd=paperuri:(f0a8ae859fc95d84aafd2bedc634e82b)&filter=sc_long_sign&sc_ks_para=q%3DR_%3A+The+Exponential+Growth+of+Rootkit+Techniques&tn=SE_baiduxueshu_c1gjeupa&ie=utf-8&sc_us=4070721835583137199.
[3]BUTLER J.Direct Kernel Object Manipulation[EB/OL].(2010-11-19).http://xueshu.baidu.com/s?wd=paperuri:(8515eab9c40acc25b99f6928e72573ee)&filter=sc_long_sign&sc_ks_para=q%3DDKOM+%28direct+kernel+object+manipulation%29&tn=SE_baiduxueshu_c1gjeupa&ie=utf-8&sc_us=7242158771040150604.
[4]RUSSINOVICH M E,SOLOMON D A,IONESCU A.Windows Internals[M].[S.l.]:Pearson Education,2012.
[5]ZHANG Wenxiao,DAI Hang,HUANG Dongxu.Virtual Machine-Based Rootkit Detection System[J].Computer Technology and Development,2012,22(7):128-131.
[6]LEVINE J,GRIZZARD J,OWEN H.A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table[C]//Proceedings of the 2nd IEEE International Information Assurance Workshop.Washington D.C.,USA:IEEE Press,2004:107-125.
[7]BUTLER J,HOGLUND G.VICE——Catch the Hookers[J].Black Hat USA,2004,31(5):17-35.
[8]PAYNE B D,de CARBONE M D P,LEE W.Secure and Flexible Monitoring of Virtual Machines[C]//Proceedings of Computer Security Applications Conference.Washington D.C.,USA:IEEE Press,2007:385-397.
[9]JIANG X,WANG X,XU D.Stealthy Malware Detection Through VMM-based Out-of-the-box Semantic View Reconstruction[J].ACM Transactions on Computer & Communications Security,2007,13(2):128-138.
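[10]ZHOU Lirong,MA Wenlong.Detecting Hidden Processes by Traversing the PspCidTable on Windows 7[J].Computer Systems & Applications,2011,20(9):222-225.
[11]YAN Guanglu,LUO Senlin.Research on Hidden Process Detection Technology Based on Thread Scheduling[J].Netinfo Security,2013(2):38-40.
[12]WANG Jing,WU Dongying.Hidden Process Detection Technology Based on Memory Scanning[J].Journal of Computer Applications,2009,29(6):89-91.
[13]HU Hejun,FAN Mingyu.Hidden Process Detection Technology Based on Memory Searching[J].Journal of Computer Applications,2009,29(1):175-177.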
[14]ZHU Junhu,ZHOU Tianyang,WANG Qingxian.Towards a Novel Approach for Hidden Process Detection Based on Physical Memory Scanning[C]//Proceedings of the 4th International Conference on Multimedia Information Networking and Security.Washington D.C.,USA:IEEE Press,2012:662-665.
[15]BAHRAM S,JIANG X,WANG Z,et al.DKSM:Subverting Virtual Machine Introspection for Fun and Profit[J].IEEE Symposium on Reliable Distributed Systems,2010,23(3):82-91.
Editors: LIU Bing, SUO Shuzhi