| 摘要 |
PURPOSE: A real time operation information backup method and recording medium thereof through LKM(Loadable Kernel Module) root kit detection are provided to detect a root kit executed in a computer system having LKM(Loadable Kernel Module) based operating system. CONSTITUTION: A process state command is executed for indicating an executable process state. A first process list is generated(S10). A structure of a process structure body of operating system is searched. A second process list is generated(S20). A malicious estimate process is detected(S40). The malicious estimate process is not included in the first and second process lists. Operating information is backup(S50). |
