An Improved Kernel Trojan Horse Architecture Model

  • Mingwei Zhao
  • Rongan Jiang
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 157)


As a new kind of Trojan horse which combines with the kernel Rootkit technologies, kernel Trojan horse has received a great mount of people’s attention and been used a lot. However, the sensitive property of kernel Trojan which follows traditional architecture model is fully exposed to the security software, and needs kernel concealment module to complete all the hidden works, thus the concealment module is too large, easily detected by security software. Based on the analysis of Trojan collaborative concealment model, this paper improves the traditional architecture model and introduces a lightweight concealment module of pure kernel Trojan horse architecture model. Furthermore, an example which adopts the improved model is present in this paper. The experimental results verify the feasibility and efficient of the improved model.


Architecture Model Trojan Horse Sensitive Property Target Host Task Module 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Lacombe, E., Raynal, F., Nicomette, V.: Rootkit modeling and experiments under Linux. Journal in Computer Virology 4, 137–157 (2008)CrossRefGoogle Scholar
  2. 2.
    Wang, J.: doi: 10.1109/ICIME.2010.5478178Google Scholar
  3. 3.
    Gong, G., Li, Z.-J., Hu, C.-J., Zou, Y.-K., Li, Z.-P.: Research on Stealth Technology of Windows Kernel level Rootkits. Computer Science 37, 59–62 (2010)Google Scholar
  4. 4.
    Liu, D., Gan, Z.: Research on Concealment Technology of kernel-based Trojan Horse Under Windows. Microprocessors 3, 41–44 (2009)Google Scholar
  5. 5.
    Kang, Z.-P., Xiang, H., Hu, H.-B.: Research and practice on concealing technology of Windows’ Rootkit. Computer Engineering and Design 28, 3334–3337 (2007)Google Scholar
  6. 6.
    Zuo, L.-M., Jiang, Z.-F., Tang, P.-Z.: Concealing Technology of Windows Rootkit and Integrated Detection Method. Computer Engineering 35, 118–120 (2009)Google Scholar
  7. 7.
    Zhang, X.-Y., Qing, S.-H., Ma, H.-T., Zhang, N., Sun, S.-H., Jiang, J.-C.: Research on the concealing technology of Trojan horses. Research on the concealing technology of Trojan horses. Journal of China Institute of Communications 25, 153–159 (2004)Google Scholar
  8. 8.
    Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, Boston (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.Department of Computer Science and Technology, Faculty of Electronic Information and Electrical EngineeringDalian University of TechnologyDalianChina

Personalised recommendations