1. Behavioral Detection
- Detecting diverted execution paths
- Detecting alterations in the number, order, and frequency of system calls
2. Signature Scanners – AV Products
- Fingerprint identification
- Searches memory or the file system for unique byte patterns
3. Integrity Checkers – Tripwire
- Detects unauthorized changes to system files or to loaded OS components in memory
- Creates an initial baseline database containing their CRC values
- Periodically calculates and compares the CRCs of these files against the initial trusted baseline
4. Diff-Based Approach
- Microsoft Strider Ghost, Sysinternals RootkitRevealer, F-Secure BlackLight
5. HW-assisted Hypervisor-based Approach?
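The integrity-checker approach (baseline database, then periodic comparison) as a small added example, not code from the post or from Tripwire. It records the CRC32 the post mentions alongside a SHA-256 digest, because a CRC is not collision-resistant and an attacker can trivially pad a modified file back to its old CRC; a real checker must compare the cryptographic digest and must keep the baseline on read-only or off-host storage, otherwise a rootkit simply rewrites it. The directory tree, file contents and the "tampering" in `demo()` are constructed; the functions `fingerprint_bytes`, `build_baseline` and `compare` are hypothetical names chosen here.

```python
import hashlib
import io
import json
import os
import tempfile
import zlib
from pathlib import Path


def fingerprint_stream(stream):
    """Return size, CRC32 and SHA-256 of a byte stream, read in 64 KiB chunks."""
    crc = 0
    digest = hashlib.sha256()
    size = 0
    for chunk in iter(lambda: stream.read(65536), b""):
        crc = zlib.crc32(chunk, crc)
        digest.update(chunk)
        size += len(chunk)
    return {"size": size, "crc32": f"{crc & 0xFFFFFFFF:08x}", "sha256": digest.hexdigest()}


def fingerprint_bytes(data):
    """Convenience wrapper used for testing the fingerprint on in-memory data."""
    return fingerprint_stream(io.BytesIO(data))


def fingerprint(path):
    with open(path, "rb") as f:
        return fingerprint_stream(f)


def build_baseline(root):
    """Walk `root` and fingerprint every regular file; keys are paths relative to root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[str(p.relative_to(root))] = fingerprint(p)
    return baseline


def compare(root, baseline):
    """Re-fingerprint the tree and report drift against the trusted baseline.

    A modified file differs in size, CRC32 or SHA-256; a CRC-only match with a
    SHA-256 mismatch is still reported as modified (the dict comparison covers all fields).
    """
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "removed": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Constructed scenario: baseline a temporary tree, tamper with it, then re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary")
        (root / "bin" / "ps").write_bytes(b"original ps binary")

        # The baseline would normally be written to read-only media; JSON stands in here.
        snapshot = json.dumps(build_baseline(root))

        # Constructed tampering: one binary replaced, one deleted, one new file dropped in.
        (root / "bin" / "ps").write_bytes(b"trojaned ps binary")
        (root / "bin" / "ls").unlink()
        (root / "bin" / "evil.ko").write_bytes(b"kernel module")

        return compare(root, json.loads(snapshot))


if __name__ == "__main__":
    print(demo())
```

Note the limitation that the post's list of tools does not mention: this runs through the normal file-system API, so a kernel rootkit that filters reads can feed the checker the original bytes while serving the modified ones to everything else. Integrity checking is most trustworthy when the comparison runs from a clean boot medium or when the baseline is anchored in hardware (the hypervisor-based approach at the end of the list is one answer to that).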
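The diff-based (cross-view) approach used by the tools listed above, as an added illustration that is not code from any of them: enumerate the same objects once through the normal API (which a rootkit may have hooked) and once from a lower-level source (raw on-disk directory structures, the kernel's own process list), then diff the two views. Anything present below but absent from the API view is being hidden. The raw directory listing, process table and the `hooked_view` filter that models a hooked API are all constructed stand-ins; real tools must read the low-level structures themselves, which this example does not do.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ViewDiff:
    hidden: tuple   # in the low-level view, missing from the API view -> being concealed
    phantom: tuple  # reported by the API, absent from the low-level view -> usually a race


def cross_view_diff(api_view, low_level_view):
    """Core of the cross-view technique: a set difference in both directions."""
    api, low = set(api_view), set(low_level_view)
    return ViewDiff(hidden=tuple(sorted(low - api)), phantom=tuple(sorted(api - low)))


# Constructed "ground truth" as a raw scan of the disk structures would return it.
RAW_DIRECTORY = ["kernel32.dll", "ntoskrnl.exe", "_rk_driver.sys", "_rk_config.dat", "notepad.exe"]

# Constructed kernel process table: (pid, image name).
RAW_PROCESS_TABLE = [(4, "System"), (512, "svchost.exe"), (1337, "_rk_loader.exe"), (2048, "explorer.exe")]

HIDE_PREFIX = "_rk_"  # constructed marker the simulated rootkit filters out


def hooked_view(entries, name_of=lambda e: e):
    """Stand-in for an API whose results pass through a hooked filter."""
    return [e for e in entries if not name_of(e).startswith(HIDE_PREFIX)]


def scan_file_system():
    return cross_view_diff(hooked_view(RAW_DIRECTORY), RAW_DIRECTORY)


def scan_processes():
    api = hooked_view(RAW_PROCESS_TABLE, name_of=lambda e: e[1])
    return cross_view_diff(api, RAW_PROCESS_TABLE)


def scan_processes_with_race():
    """Constructed case: a process exits between the two snapshots.

    It shows up as a phantom, not as hidden, so a detector should re-scan
    before raising an alert on phantoms, while hidden entries are the real signal.
    """
    api = hooked_view(RAW_PROCESS_TABLE, name_of=lambda e: e[1])
    later_table = [e for e in RAW_PROCESS_TABLE if e[0] != 512]
    return cross_view_diff(api, later_table)


if __name__ == "__main__":
    print("files:", scan_file_system())
    print("procs:", scan_processes())
    print("race :", scan_processes_with_race())
```

Two views taken at different moments are never perfectly consistent, which is why the phantom direction is kept separate from the hidden direction: hidden entries that survive a repeat scan are the finding, phantoms are the noise.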