ZHAO Xiao-can, REN Ju, XU Yang, WANG Guo-jun. A Hidden Process Detection Model Based on System Management Mode[J]. Microelectronics & Computer, 2017, 34(12): 111-115.

A Hidden Process Detection Model Based on System Management Mode

Abstract: In recent years, malware has become increasingly stealthy. To address this problem, this paper proposes a hidden process detection model based on System Management Mode (SMM), called the SMM-based Hidden Process Detection model (SHPD). SHPD can effectively detect hidden malicious processes in the system while keeping itself transparent to the operating system. The model consists of two parts: a client and a monitor. The client, which runs in the BIOS, uses both internal and external semantic information to build multiple views of the processes in the operating system and sends these process views to the monitor. The monitor identifies hidden malicious processes by comparing the differences between the views. Based on the SHPD model, we build a prototype system and carry out functional testing and analysis. The experimental results verify the effectiveness of the model.
