| With the popularization of computer network, network security issues are becoming increasingly serious. In recent years, there was a kind of malicious software which can write BIOS chip, its main technology is BIOS Rootkit. This technology is combined by BIOS chip and Rootkit, with good imperceptibility, almost impossible to be detected by existing detecting technology. And the BIOS Rootkit is difficult to remove that reinstall system and format the hard disk are all invalid to remove it. Therefore, the study of detecting BIOS Rootkit becomes very important. This paper introduces the definition, history and characteristic of BIOS Rookit, focus on the dynamic and static analysis of its principle and method, and detailed analyse IceLord which is a example of BIOS ROOTKIT. The paper analysed BIOS Rootkit detection technology based on AWARD from two aspects of dynamic detection and static detection, After analysed advantages and disadvantages of two inspection method, we designed a detection system which is combined by dynamic detection and static detection. The system can effectively avoid defects which existed with a single detective methods, and protect the safety of the computer system very good, safeguard the interests of the legitimate users. This paper also discusses the methods of preventing BIOS Rootkit, and how to remove BIOS Rootkit. These measures have guiding significance to preventing BIOS Rootkit, restoring BIOS and strengthen the network security. |
PDF Full Text Request