以 SSDT Hooking 為基礎之掃毒軟體保護機制;A SSDT Hooking-Based Mechanism to Protect Antivirus Software

NCU Institutional Repository > 資訊電機學院 > 資訊工程學系 > 研究計畫 > Item 987654321/62944

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/62944

题名:	以 SSDT Hooking 為基礎之掃毒軟體保護機制;A SSDT Hooking-Based Mechanism to Protect Antivirus Software
作者:	許富皓;黃燕鈴
贡献者:	國立中央大學資訊工程系
关键词:	資訊科學;軟體
日期:	2012-12-01
上传时间:	2014-03-17 14:14:55 (UTC+8)
出版者:	行政院國家科學委員會
摘要:	研究期間：10108~10207;In the near several decades, the arms race between malware writers and antivirus programmers has become more and more severe. The simplest way for a computer user to secure her/his computer is to install antivirus software on her/his computer. As antivirus software becomes more sophisticated and powerful, evading the detection of antivirus software becomes an important part of malware. As a result, malware writers have developed various approaches to increase the survivability and stealth of their malware. One of these technologies is to terminate antivirus software right after the execution of the malware. In this project, we plan to propose a mechanism, called ANtivirus Software Shield (ANSS), to prevent antivirus software from being terminated without the consciousness of the antivirus software users. ANSS uses SSDT (System Service Descriptor Table) hooking to intercept specific Windows APIs and analyzes them to filter out hazardous API calls that will terminate antivirus software. After implementing our system, we will use diverse pieces of malware that can terminate various brands of antivirus applications to test the effectiveness of ANSS and the performance overhead of ANSS.
關聯:	財團法人國家實驗研究院科技政策研究與資訊中心
显示于类别:	[資訊工程學系] 研究計畫

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	348	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....