Method and system for the detection of file system filter driver based rootkits
Abstract
A method, system, and computer program product for detecting hidden files and folders that may be installed by or as part of a rootkit provides the capability to identify the method that is used to hide the files and folders, will continue working even if the operating system is modified, and is suitable for real-time detection of hidden files and folders. A method for detecting a rootkit comprises the steps of generating a plurality of query input/output request packets, each query input/output request packet requesting information relating to a file system directory folder, transmitting a generated query input/output request packet to each file system driver object, receiving a result including the requested information relating to a file system directory folder from each file system driver object, and determining differences among each result, to determine information relating to a file system directory folder that is removed by at least one file system driver object.
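The comparison step described in the abstract, as an added example that is not taken from the patent: a Python simulation that diffs the directory listing returned by each driver object and attributes every missing entry to the driver that removed it. The driver names, file names, case-insensitive name matching and the handling of a failed query are assumptions made for illustration; in a real detector the listings would come from the query IRPs sent to each driver object.

```python
from typing import Dict, List, Optional, Sequence, Tuple

# One (driver name, listing) pair per driver object, ordered from the base
# file system driver up to the topmost filter. A listing of None means the
# query sent to that driver object failed (assumed failure model).
Result = Tuple[str, Optional[Sequence[str]]]


def find_removed_entries(results: List[Result]) -> Dict[str, List[str]]:
    """Map each hidden entry to the driver(s) that could have removed it."""
    findings: Dict[str, List[str]] = {}
    baseline: Optional[Dict[str, str]] = None  # casefolded name -> original name
    unanswered: List[str] = []  # drivers with no result since the last good one
    for driver, listing in results:
        if listing is None:
            unanswered.append(driver)
            continue
        view = {name.casefold(): name for name in listing}
        if baseline is not None:
            for key, name in baseline.items():
                if key not in view:
                    # Present one layer down, absent here: this driver removed
                    # it, or one of the drivers in between that gave no result.
                    findings[name] = unanswered + [driver]
        baseline = view
        unanswered = []
    return findings


# Constructed sample results for one directory folder (all names hypothetical).
SAMPLE: List[Result] = [
    ("fs_driver", ["boot.ini", "notes.txt", "hidden.sys", "payload"]),
    ("filter_a", ["boot.ini", "notes.txt", "hidden.sys", "payload"]),
    ("filter_b", None),
    ("filter_c", ["BOOT.INI", "notes.txt", "payload"]),
    ("filter_d", ["boot.ini", "notes.txt"]),
]

if __name__ == "__main__":
    for entry, suspects in find_removed_entries(SAMPLE).items():
        print(f"{entry}: removed by {' or '.join(suspects)}")
```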