Computer Science ›› 2015, Vol. 42 ›› Issue (8): 175-179.

Previous Articles     Next Articles

Research on Rootkit Detection Method Based on Neural Network Expert System in Virtualized Environment

ZHAO Zhi-yuan, ZHU Zhi-qiang, SUN Lei and MA Ke-xin   

  • Online:2018-11-14 Published:2018-11-14

Abstract: In order to solve the problems about the high misjudgment ratio of Rootkit detection and undetectable unknown Rootkit in the virtualization guest operating system,a Rootkit detection method(QPSO_BP_ES) based on neural network expert system was proposed.The detection system combines neural network with expert system,which can take advantage of them.In the actual detection,QPSO_BP_ES firstly captures the previously selected Rootkit’s typical characteristic behaviors.And then,the trained system detects the presence of Rootkit.The experimental results show that QPSO_BP_ES can effectively reduce the misjudgment ratio and detect both known and unknown Rootkit.

Key words: Virtualization,QPSO,Neural network,Expert system,Rootkit

[1] 冯登国,张敏,张妍等.云计算安全研究[J].软件学报,2011,22(1):71-83 Feng Deng-guo,Zhang Min,Zhang Yan,et al.Study on Cloud Computing Security[J].Journal of Software,2011,22(1):71-83
[2] 王怀习,陈建熊,王晨,等.云计算中虚拟化技术的安全威胁[J].华中科技大学学报(自然科学版),2012(S1):153-156 Wang Huai-xi,Chen Jian-xiong,Wang Chen,et al.Security threats of virtualization in cloud computing[J].Journal Huazhong University of Science and Technology(Natural Science Edition),2012(S1):153-156
[3] Dinaburg A,Royal P,Sharif M,et al.Ether:malware analysisvia hardware virtualization extensions[C]∥CCS08.2008
[4] Jones S T,Arpaci-Dusseau A C,Arpaci-Dusseau R H,et al.VMM-based hidden process detection and identification using Lycosid[C]∥VEE’08.2008:91-100
[5] 潘剑锋.主机恶意代码检测系统的设计与实现[D].合肥:中国科学技术大学,2009 Pan Jian-feng.Design and Implemetation of Host-Based Malcode Detection System[D].Hefei:University of Science and Techno-logy of China,2009
[6] 王蕊,冯登国,杨轶,等.基于语义的恶意代码行为特征提取及检测方法[J].软件学报,2012,23(2):378-393 Wang Rui,Feng Deng-guo,Yang Yi,et al.Semantics-Based Malware Behavior Signature Extraction and Detection Method[J].Journal of Software,2012,23(2):378-393
[7] 高刃,唐龙,伍爵博.基于神经网络的无线传感器网络数据预测应用研究[J].计算机科学,2012,39(5):44-47 Gao Ren,Tang Long,Wu Jue-bo.Application Research of Data Prediction in Wireless Sensor Network Based on Neural Network[J].Computer Science,2012,39(5):44-47
[8] 韩敏.基于微粒群的神经网络预测控制理论及应用[M].北京:中国水利水电出版社,2013 Han Min.Theory and Application of Neural Network Predictive and Control Based on Particle Swarm[M].Beijing:China WaterPower Press,2013
[9] 冯帆,罗森林.基于VMM的Rootkit检测技术及模型分析[J].信息网络安全,2013(6):35-39 Feng Fan,Luo Sen-lin.The Analysis of VMM based Rootkit Detecting Technology and Model[J].Information Network Security,2013(6):35-39
[10] 韩奕.基于行为分析的恶意代码检测与评估研究[D].北京:北京交通大学,2014 Han Yi.A Research of Malware Detection and Evaluation Based on Behavior Analysis[D].Beijng:Beijing Jiaotong University,2014
[11] 刘婷婷.面向云计算的数据安全保护关键技术研究[D].郑州:解放军信息工程大学,2013 Liu Ting-ting.Research on Key Technologies of Data Security towards Cloud Computing[D].Zhengzhou:PLA Information Engineering University,2013
[12] Kolmogorov A N.The local structure of turbulence in incompressible viscous fluid for very large Reynolds numbers[J].Dokl.Akad.Nauk SSSR.,1941,30(4):299-303
[13] 李剑.入侵检测技术[M].北京:高等教育出版社,2012Li Jian.Intrusion Detection Technology[M].Beijing:HigherEducation Press,2012
[14] 王丽娜,高汉军,刘炜,等.利用虚拟机监视器检测及管理隐藏进程[J].计算机研究与发展,2011,8(8):1534-1541 Wang Li-na,Gao Han-jun,Liu Wei,et al.Detecting and Managing Hidden Process via Hypervisor[J].Journal of Computer Research and Development,2011,48(8):1534-1541

No related articles found!
Full text



No Suggested Reading articles found!