An Improved Kernel Trojan Horse Architecture Model
As a new kind of Trojan horse that combines with kernel rootkit technologies, the kernel Trojan horse has received a great amount of attention and has been widely used. However, the sensitive property of a kernel Trojan that follows the traditional architecture model is fully exposed to security software, and such a Trojan needs a kernel concealment module to complete all the hiding work; the concealment module is therefore too large and is easily detected by security software. Based on an analysis of the Trojan collaborative concealment model, this paper improves the traditional architecture model and introduces a pure kernel Trojan horse architecture model with a lightweight concealment module. Furthermore, an example that adopts the improved model is presented in this paper. The experimental results verify the feasibility and efficiency of the improved model.
Keywords: Architecture Model, Trojan Horse, Sensitive Property, Target Host, Task Module