%0 Journal Article
%T Detection of the malicious code injection by hooking system calls in kernel mode
Kernel-driver-based dynamic detection technique for malicious code
%A LI Wei
%A SU Pu-Rui
%A 李伟
%A 苏璞睿
%J 中国科学院研究生院学报
%D 2010
%I
%X Based on a detailed analysis of the runtime process-injection and hooking techniques used in the Windows operating system, we propose a method for dynamically detecting malicious code with a kernel-mode driver. The driver dynamically monitors every process, reports attacks to the user accurately, and enhances overall system security. Experimental results show that the method achieves satisfactory results in both performance and detection.
%K Hook technique
%K System Service Descriptor Table (SSDT)
%K System Service Table
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=B5EDD921F3D863E289B22F36E70174A7007B5F5E43D63598017D41BB67247657&cid=B47B31F6349F979B&jid=67CDFDECD959936E166E0F72DE972847&aid=D21B436C4E26DBB91EEE5E196C86C53C&yid=140ECF96957D60B2&vid=DB817633AA4F79B9&iid=94C357A881DFC066&sid=08B2E838F29A693A&eid=7D2B339649A57040&journal_id=1002-1175&journal_name=中国科学院研究生院学报&referenced_num=0&reference_num=17