A REALTIME OPERATIONAL INFORMATION BACKUP METHOD BY DETECTING LKM ROOTKIT AND THE RECORDING MEDIUM THEREOF
Abstract
PURPOSE: A real-time operational information backup method based on LKM (Loadable Kernel Module) rootkit detection, and a recording medium thereof, are provided to detect a rootkit executed in a computer system having an LKM-based operating system. CONSTITUTION: A process state command is executed to indicate the state of executable processes. A first process list is generated (S10). The process structure of the operating system is searched. A second process list is generated (S20). A suspected malicious process is detected (S40). The suspected malicious process is not included in the first and second process lists. Operational information is backed up (S50).
Application publication number
KR20120087508(A)
Application publication date
2012.08.07
Application number
KR20110008740
Application date
2011.01.28
Applicant
HANNAM UNIVERSITY INSTITUTE FOR INDUSTRY-ACADEMIA COOPERATION
Inventors
LEE, GEUK; YOO, SEUNG JAE; SON, CHOUL WOONG; LEE, KYU WON