Title: | METHOD OF GENERATING IN-KERNEL HOOK POINT CANDIDATES TO DETECT ROOTKITS AND THE SYSTEM THEREOF |
Authors: | Wang Chi-wei; Chen Chong-kuan; Wang Chia-wei; Shieh Shiuhpyng |
Publication date: | 27-Aug-2015 |
Abstract: | A method for determining whether a to-be-tested program contains malicious behavior is disclosed. The method includes steps of providing an emulator having a kernel and a plurality of installed hook points, wherein the kernel has a plurality of in-kernel functions; executing the to-be-tested program in the emulator dynamically to invoke the plurality of installed hook points to obtain a specific in-kernel function set from the plurality of in-kernel functions; and determining whether the to-be-tested program contains instructions for malicious behavior based on an invocation sequence of the specific in-kernel function set. |
Official document #: | G06F021/56 |
URI: | http://hdl.handle.net/11536/128685 |
Patent country: | USA |
Patent number: | 20150242626 |
Appears in collections: | Patent data |