
SYSTEM AND METHOD FOR DETECTING HIDDEN PROCESS USING SYSTEM EVENT INFORMATION


Abstract

PROBLEM TO BE SOLVED: To provide a system and method that use system event information to detect and control a hidden process.

SOLUTION: A hidden process that is executed using code such as a rootkit still has to use resources assigned by the system's OS in order to run. Information about the hidden process is therefore not shown in the application layer, but process-relevant information is disclosed in the kernel layer while the assigned system resources are being used. In this system, a process list is extracted from the kernel layer using system event information that is provided in real time on access to the system resources. That list is compared with the process list provided to the user from the application layer, and a process that appears only in the kernel-layer list is detected and controlled as the hidden process. Accordingly, a hidden process present in the system can be detected in real time.

COPYRIGHT: (C)2008,JPO&INPIT
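The comparison described in the abstract can be sketched as follows. This is an added example, not code from the patent: the event fields, the PIDs and image names, and the `confirm` threshold (which goes beyond the abstract by suppressing start-up races between the two views) are all assumptions, and the event stream and snapshots are constructed sample data.

```python
from collections import namedtuple

# kind is a resource-access type ("file", "net", "mem") or "exit".
Event = namedtuple("Event", "ts pid kind image")

# Constructed kernel-layer event stream (timestamps in seconds).
EVENTS = [
    Event(1.0, 101, "file", "sshd"),
    Event(1.2, 202, "net", "nginx"),
    Event(1.5, 4242, "net", "hidden_svc"),   # never shown to the user layer
    Event(3.0, 202, "exit", "nginx"),
    Event(3.5, 4242, "file", "hidden_svc"),
    Event(3.95, 303, "file", "backup.sh"),   # starts just before a snapshot
    Event(5.0, 4242, "net", "hidden_svc"),
]
# Constructed application-layer process lists: (time taken, visible PIDs).
SNAPSHOTS = [(2.0, {101, 202}), (4.0, {101}), (6.0, {101, 303})]

def live_at(events, t):
    """Kernel-layer view at time t: PIDs that used resources and have not exited."""
    live = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.ts > t:
            break
        if ev.kind == "exit":
            live.pop(ev.pid, None)
        else:
            live[ev.pid] = ev.image
    return live

def find_hidden(events, snapshots, confirm=2):
    """Flag PIDs live in the kernel view but missing from the user list in
    `confirm` consecutive snapshots, so start-up races are not reported."""
    misses = {}  # pid -> (consecutive misses, image)
    for ts, user_pids in sorted(snapshots, key=lambda s: s[0]):
        kview = live_at(events, ts)
        for pid in list(misses):
            if pid not in kview or pid in user_pids:
                del misses[pid]  # exited or became visible: streak resets
        for pid, image in kview.items():
            if pid not in user_pids:
                misses[pid] = (misses.get(pid, (0, image))[0] + 1, image)
    return sorted((pid, img) for pid, (n, img) in misses.items() if n >= confirm)

if __name__ == "__main__":
    print(find_hidden(EVENTS, SNAPSHOTS))
```

With `confirm=1` over the first two snapshots, PID 303 is also reported even though it is a legitimate process that simply started between the event and the user-layer listing; requiring two consecutive misses removes that false positive.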
