Title: Hidden Process Detection for Windows Operating Systems
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Voitovych, O., Kupershtein, L., Pavlenko, I.
Conference Name: 2017 4th International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T)
Keywords: audit system, composability, Computational efficiency, data encapsulation, descriptor based method, hidden process detection, Indexes, information security monitoring, Libraries, Metrics, Microsoft Windows (operating systems), Monitoring, monitoring system, opened windows based method, operating system kernels, PID based method, pubcrawl, resilience, Resiliency, rootkit, security, security of data, Software development, system call based method, user mode, Windows operating system

Detecting rootkits in the Windows operating system is an important part of an information security monitoring and audit system. Methods of hidden process detection were analyzed. Software was developed that implements four methods of hidden process detection in user mode (the PID based method, the descriptor based method, the system call based method, and the opened windows based method) for use in monitoring and audit systems.