A chipset level network backdoor

Authors: Sherri Sparks, Shawn Embleton, Cliff C. Zou

DOI: 10.1145/1533057.1533076

Keywords:

Abstract: Chipsets refer to a set of specialized chips on a computer's motherboard or an expansion card [12]. In this paper we present a proof of concept chipset level rootkit/network backdoor. It interacts directly with network interface hardware based on the widely deployed Intel 8255x, and we tested it successfully on two different Ethernet cards with this chipset. The backdoor has the ability to both covertly send out packets and receive packets, without the need to disable security software installed in the compromised host in order to hide its presence. Because of its low-level position in the computer system, it is capable of bypassing virtually all commodity firewall and host-based intrusion detection software, including popular applications like Snort and Zone Alarm Security Suite. Such backdoors, while complicated and specific, are likely to become serious threats in high profile attacks like corporate espionage or cyber terrorist attacks.

References (10)
Salvador Mandujano, "Identifying Attack Code through an Ontology-Based Multiagent Tool: FROID", World Academy of Science, Engineering and Technology, International Journal of Computer, Electrical, Automation, Control and Information Engineering, vol. 1, pp. 1781-1784 (2007)
Greg Hoglund, Jamie Butler, "Rootkits: Subverting the Windows Kernel" (2005)
Weidong Cui, Wai-tian Tan, Randy H. Katz, "BINDER: an extrusion-based break-in detector for personal computers", USENIX Annual Technical Conference, pp. 18-18 (2005)
Kevin Borders, Atul Prakash, "Web tap: detecting covert web traffic", Computer and Communications Security, pp. 110-120 (2004), DOI: 10.1145/1030083.1030100
Darren Abramson, "Intel® Virtualization Technology for Directed I/O", Intel Technology Journal, vol. 10 (2006), DOI: 10.1535/ITJ.1003.02
Giovanni Rimassa, Agostino Poggi, Fabio Bellifemine, "Jade - a fipa-compliant agent framework", PAAM'99 (1999)
P. C. van Oorschot, Evangelos Kranakis, David Whyte, "Exposure maps: removing reliance on attribution during scan detection", USENIX Conference on Hot Topics in Security, pp. 9-9 (2006)
U.S. Code, "Gramm-Leach-Bliley Act", Gramm-Leach-Bliley Act / AHIMA, American Health Information Management Association (1999)
Vern Paxson, Yin Zhang, "Detecting backdoors", USENIX Security Symposium, pp. 12-12 (2000)