Title of invention:
METHODOLOGY, SYSTEM, AND COMPUTER READABLE MEDIUM FOR DETECTING OPERATING SYSTEM EXPLOITATIONS

Abstract:
A system, computerized method and computer-readable medium are provided for the detection of an operating system exploitation, such as a rootkit installation. The operating system is monitored to ascertain an occurrence of anomalous activity resulting from operating system behavior which deviates from any one of a set of pre-determined operating system parameters. Each parameter corresponds to a dynamic characteristic associated with an unexploited operating system. Output can then be generated to indicate any anomalous activity that is ascertained. The computer-readable medium may comprise a loadable kernel module for detecting hidden patches, processes, files or other kernel modules.

Publication number:
WO2005082092(A2)

Publication date:
2005.09.09

Application number:
WO2005US06378

Filing date:
2005.02.28

Applicants:
SYTEX, INC.; RING, SANDRA, E.; COLE, ERIC, B.

Inventors:
RING, SANDRA, E.; COLE, ERIC, B.

Classification (IPC):
G06F11/00; G06F12/00; G06F12/14; G06F21/00

Main classification:
G06F11/00

Agency:

Agent:

Main claim:

Address: