Hidden Process Detection for Windows Operating Systems
| Field | Value |
| --- | --- |
| Title | Hidden Process Detection for Windows Operating Systems |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Voitovych, O., Kupershtein, L., Pavlenko, I. |
| Conference Name | 2017 4th International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S T) |
| Keywords | audit system, composability, Computational efficiency, data encapsulation, descriptor based method, hidden process detection, Indexes, information security monitoring, Libraries, Metrics, Microsoft Windows (operating systems), Monitoring, monitoring system, opened windows based method, operating system kernels, PID based method, pubcrawl, resilience, Resiliency, rootkit, security, security of data, Software development, system call based method, user mode, Windows operating system |
| Abstract | Detecting rootkits in the Windows operating system is an important part of an information security monitoring and audit system. Methods of hidden process detection were analyzed. Software was developed that implements four user-mode methods of hidden process detection (the PID based method, the descriptor based method, the system call based method, and the opened windows based method) for use in monitoring and audit systems. |
| URL | http://ieeexplore.ieee.org/document/8246439/ |
| DOI | 10.1109/INFOCOMMST.2017.8246439 |
| Citation Key | voitovych_hidden_2017 |