Title: Rootkit detection by using HW resources to detect inconsistencies in network traffic
Abstract: A technique for detecting covert malware that attempts to hide network traffic. Network traffic is monitored both in a secure, trusted environment and in the operating-system environment, and the two sets of monitor data are compared. A discrepancy between them reveals an attempt to hide traffic, which in turn allows remediation of the computer system to locate and remove the malware concealing that traffic.
Publication number: US9197654(B2)   Publication date: 2015.11.24
Application number: US201313931705   Filing date: 2013.06.28
Applicant:   Inventors: Ben-Shalom Omer; Nayshtut Alex; Muttik Igor
Classification: H04L29/00; H04L29/06; G06F21/55; G06F21/50   Main classification: H04L29/00
Agent: Blank Rome LLP   Attorney: Blank Rome LLP
Main claim: 1. A non-transitory computer readable medium with instructions stored thereon, the instructions comprising instructions that when executed cause a programmable device to: monitor network traffic of the programmable device in an environment controlled by an operating system of the programmable device, producing a first monitor data; monitor network traffic of the programmable device in a cryptographically secured hardware environment of the programmable device not controlled by the operating system, producing a second monitor data; compare the first monitor data with the second monitor data; and indicate whether the first monitor data is the same as the second monitor data.
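The comparison step of the claim, as an added worked example that is not code from the patent or its assignee. It assumes both vantage points summarise traffic for the same observation window as per-flow byte counts keyed by the 5-tuple (an assumption; the patent does not fix a data format), that the operating-system view comes from a host-level source such as the socket table or a packet tap that a rootkit can falsify, and that the hardware view comes from a monitor the OS cannot alter. The sample records are constructed for the example. A flow present in the hardware view but absent from the OS view is the signature of hidden traffic; a relative byte-count tolerance absorbs the small differences that capture timing between the two monitors produces, so that only substantive inconsistencies are reported.

```python
"""Compare OS-level and hardware-level monitor data for the same host and
flag traffic that the operating system's view does not show.
Added example; not code from the patent.  Flow format is an assumption."""
from typing import Dict, Iterable, List, Tuple

# A flow is identified by its 5-tuple; monitor data maps each flow to the
# bytes observed during one shared observation window.
FlowKey = Tuple[str, str, int, str, int]          # proto, src, sport, dst, dport
MonitorData = Dict[FlowKey, int]

def build_monitor_data(records: Iterable[Tuple[str, str, int, str, int, int]]) -> MonitorData:
    """Aggregate raw records (proto, src, sport, dst, dport, nbytes) into
    per-flow byte totals.  Both monitors must count bytes at the same layer
    for the totals to be comparable (an assumption of this example)."""
    data: MonitorData = {}
    for proto, src, sport, dst, dport, nbytes in records:
        key = (proto, src, sport, dst, dport)
        data[key] = data.get(key, 0) + nbytes
    return data

def compare_monitor_data(os_view: MonitorData, hw_view: MonitorData,
                         tolerance: float = 0.10) -> dict:
    """Return the inconsistencies between the two views.

    hidden   - flows the hardware saw that the OS view omits (rootkit hiding)
    phantom  - flows only the OS reported (OS view tampered or stale)
    diverged - flows in both views whose byte counts differ by more than
               `tolerance` relative to the larger count
    consistent - True only when all three lists are empty
    """
    hidden: List[FlowKey] = sorted(k for k in hw_view if k not in os_view)
    phantom: List[FlowKey] = sorted(k for k in os_view if k not in hw_view)
    diverged: List[Tuple[FlowKey, int, int]] = []
    for key in sorted(set(os_view) & set(hw_view)):
        os_bytes, hw_bytes = os_view[key], hw_view[key]
        if abs(os_bytes - hw_bytes) > tolerance * max(os_bytes, hw_bytes):
            diverged.append((key, os_bytes, hw_bytes))
    return {
        "hidden": hidden,
        "phantom": phantom,
        "diverged": diverged,
        "consistent": not (hidden or phantom or diverged),
    }

# Constructed sample data.  The OS-level records come from a host tap the
# malware can filter; the hardware records come from a monitor it cannot reach.
OS_RECORDS = [
    ("tcp", "10.0.0.5", 51000, "93.184.216.34", 80, 4200),
    ("udp", "10.0.0.5", 53321, "10.0.0.1", 53, 96),
    ("tcp", "10.0.0.5", 51000, "93.184.216.34", 80, 1800),
]
HW_RECORDS = [
    ("tcp", "10.0.0.5", 51000, "93.184.216.34", 80, 4200),
    ("udp", "10.0.0.5", 53321, "10.0.0.1", 53, 96),
    ("tcp", "10.0.0.5", 51000, "93.184.216.34", 80, 1900),   # timing skew only
    ("tcp", "10.0.0.5", 49152, "198.51.100.7", 443, 12288),  # hidden from the OS
]
OS_VIEW = build_monitor_data(OS_RECORDS)
HW_VIEW = build_monitor_data(HW_RECORDS)

if __name__ == "__main__":
    report = compare_monitor_data(OS_VIEW, HW_VIEW)
    print("consistent:", report["consistent"])
    for flow in report["hidden"]:
        print("hidden flow (not visible to the OS):", flow)
    for flow, os_b, hw_b in report["diverged"]:
        print("byte-count divergence:", flow, os_b, hw_b)
```

On the sample data the TCP flow to 198.51.100.7:443 is reported as hidden while the 100-byte difference on the port-80 flow stays under the tolerance, so the report is "not consistent" for the right reason. In practice the tolerance should be chosen from the two monitors' measured skew on a clean system, and the comparison should be run from the trusted environment, since a result computed inside the OS is itself subject to the rootkit.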
Address: