【作者】 阳广元； 李毅超； 李晓冬；

【Author】 YANG Guang-yuan LI Yi-chao Li Xiao-dong (School of Computer Science and Engineering,UEST of China,Chendu,610054)

【机构】 电子科技大学计算机科学与工程学院；

【摘要】 本文通过研究当前恶意程序的发展趋势和 NTFS 文件系统的结构特征,并系统比较了在文件隐藏和检测方面的诸多技术和方法,综合分析了它们存在的不足,提出了一种在 NTFS 文件系统中进行恶意程序隐藏检测的方法,使得针对恶意程序的检测更加完整和可靠。更多还原

【Abstract】 By making researches on the current development trend of malicious programs and the characteristics of NTFS file system,and systematically comparing the various technologies and methods which are with respect to the hiding and detection of files,and then synthetically analyzing their shortage,this paper puts forward a brand-new method based on the NTFS file system.This method makes the detection of malicious programs more integrated and reliable.The experiment indicates that this method can almost detect all the current malicious programs which use hiding file technology.更多还原