Title: Detecting the Code Injection by Hooking System Calls in Windows Kernel Mode
Authors: Sun, Hung-Min
Tseng, Yu-Tung
Lin, Yue-Hsun
Journal/Conference name: 2006 ICS Conference
Abstract: In the present Microsoft Windows operating system, there are unofficial approaches to inject code into other running processes. We discuss the methods and corresponding potential threats in this paper. Malicious software may use these approaches to infect authorized processes to launch attacks inside the system even under the protection of antivirus and firewall software. After analyzing these runtime code injections, we proposed the mechanism – Detecting the Code Injection Engine (DCIE). DCIE is implemented as a loadable kernel-mode driver that is able to detect runtime code injections, and the maximal overhead caused by DCIE is less than 3.26%. The minor overhead makes DCIE suitable to be installed on Windows OS or combined with other software to increase system security.
Date: 2007-01-29T08:23:08Z
Category: 2006 ICS International Computer Symposium

Files in this item:
File: ce07ics002006000144.pdf
Size: 420.1 kB
Format: Adobe PDF


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.