Title: | METHOD OF GENERATING IN-KERNEL HOOK POINT CANDIDATES TO DETECT ROOTKITS AND THE SYSTEM THEREOF |
Authors: | Wang Chi-wei; Chen Chong-kuan; Wang Chia-wei; Shieh Shiuhpyng |
Issue Date: | 27-Aug-2015 |
Abstract: | A method for determining whether a to-be-tested program contains malicious behavior is disclosed. The method includes steps of providing an emulator having a kernel and a plurality of installed hook points, wherein the kernel has a plurality of in-kernel functions; executing the to-be-tested program in the emulator dynamically to invoke the plurality of installed hook points to obtain a specific in-kernel function set from the plurality of in-kernel functions; and determining whether the to-be-tested program contains instructions for malicious behavior based on an invocation sequence of the specific in-kernel function set. |
Gov't Doc #: | G06F021/56 |
URI: | http://hdl.handle.net/11536/128685 |
Patent Country: | USA |
Patent Number: | 20150242626 |
Appears in Collections: | Patents |