Abstract

A New Method for Protecting User Mode from Root Kit Malwares

K.Rajan, D.Raghu Raman

The dominant operating system in the world today is Windows, and its architecture has several weaknesses. Rootkit malware exploits these weaknesses to obtain administrative control of Windows; rootkit malware refers to software used to conceal its own presence and permit an attacker to take control of a system, so that the attacker can capture the sensitive information present on that system. To reduce the number of rootkit injections, we first classify code as legitimate or suspicious using an algorithm. A legitimate process is directly permitted to obtain system services through ntdll.dll, which acts as the gateway from user mode to kernel mode. A suspicious process is instead routed through a customized ntdll.dll. A monitor program customizes ntdll.dll by means of hook.dll, which adds a pre-validation function and a validation function to ntdll.dll. Pre-validation generates a password for the suspicious code using a scrambling technique; the dispatch ID that was scrambled in user mode is then unscrambled, and control is redirected to the validation function if it matches one of the system services, otherwise the call is disallowed. This provides additional protection that avoids system crashes and allows only legitimate programs to obtain system services.
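The gate the abstract describes (classify the caller, issue a per-process password, scramble the dispatch ID in user mode, unscramble and check it against the system-service table before forwarding) can be modelled in plain Python. The following is an added example, not the authors' hook.dll or monitor program: it does not touch a real ntdll.dll, the process attributes used for classification, the dispatch-ID numbers and the service names are constructed placeholders, and the scrambling is implemented as an HMAC-keyed mask with a tag (an assumption, since the paper does not specify its scrambling technique). It shows why a forged, tampered or unscrambled request from suspicious code is disallowed while a legitimate process passes straight through.

```python
"""Model of the pre-validation / validation gateway described in the abstract.

Constructed example: simulates, in plain Python, a user-mode gate that sits
where ntdll.dll forwards a dispatch ID to the kernel. Nothing here hooks a real
ntdll.dll; dispatch-ID numbers and process descriptors are made up.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed allowlist of system-service dispatch IDs. The numbers are
# illustrative placeholders, not real Windows system-call indices.
SYSTEM_SERVICES = {
    0x0004: "NtWriteFile",
    0x0006: "NtReadFile",
    0x0019: "NtQueryInformationProcess",
    0x0055: "NtCreateFile",
}


@dataclass
class Process:
    pid: int
    image_path: str
    signed: bool  # constructed attribute standing in for the paper's classification input


def classify(proc: Process) -> str:
    """Stand-in for the classification algorithm (assumption: a signed binary
    under the Windows directory is legitimate; anything else is suspicious)."""
    if proc.signed and proc.image_path.lower().startswith("c:\\windows\\"):
        return "legitimate"
    return "suspicious"


def prevalidate(pid: int, key: Optional[bytes] = None) -> bytes:
    """Pre-validation: issue a per-process password (scramble key). A key may
    be supplied explicitly only so the example is deterministic and testable."""
    return key if key is not None else secrets.token_bytes(16)


def _mask(key: bytes) -> int:
    return int.from_bytes(hmac.new(key, b"mask", hashlib.sha256).digest()[:2], "big")


def scramble(key: bytes, dispatch_id: int) -> bytes:
    """Scramble a 16-bit dispatch ID under the process password: XOR with a
    key-derived mask, then append an HMAC tag so tampering is detectable."""
    body = ((dispatch_id ^ _mask(key)) & 0xFFFF).to_bytes(2, "big")
    tag = hmac.new(key, body, hashlib.sha256).digest()[:8]
    return body + tag


def unscramble(key: bytes, token) -> Optional[int]:
    """Recover the dispatch ID; return None for a raw (unscrambled) request,
    a malformed token or a tag that does not verify."""
    if not isinstance(token, bytes) or len(token) != 10:
        return None
    body, tag = token[:2], token[2:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None
    return int.from_bytes(body, "big") ^ _mask(key)


def validate(dispatch_id: int) -> bool:
    """Validation: only IDs that name a known system service are forwarded."""
    return dispatch_id in SYSTEM_SERVICES


class Gateway:
    """Models the customized ntdll.dll gate: legitimate processes pass straight
    through; suspicious ones must present a correctly scrambled dispatch ID."""

    def __init__(self) -> None:
        self._passwords: Dict[int, bytes] = {}

    def register(self, proc: Process, key: Optional[bytes] = None) -> str:
        verdict = classify(proc)
        if verdict == "suspicious":
            self._passwords[proc.pid] = prevalidate(proc.pid, key)
        return verdict

    def request(self, proc: Process, payload) -> str:
        """payload: a raw dispatch ID from a legitimate caller, or a scrambled
        token from a suspicious one. Returns 'allowed' or 'disallowed'."""
        if proc.pid not in self._passwords:  # legitimate: direct path, as in the abstract
            return "allowed"
        dispatch_id = unscramble(self._passwords[proc.pid], payload)
        if dispatch_id is None or not validate(dispatch_id):
            return "disallowed"
        return "allowed"
```

In this model the password never leaves the gateway except to the pre-validation step, so code that did not go through pre-validation cannot produce a token that unscrambles to a valid service ID; the tag check is what turns a guessed or patched dispatch ID into a refused call rather than a crash.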

Disclaimer: this abstract was translated using an artificial-intelligence tool and has not been reviewed or verified.
