A Host Based Kernel Level Rootkit Detection Mechanism Using Clustering Technique

Authors: Jestin Joy, Anita John

DOI: 10.1007/978-3-642-24043-0_57

Keywords: Data mining, Host (network), System call, Privilege (computing), Kernel (operating system), Computer science, Malware, Anomaly detection, Cluster analysis, Rootkit

Abstract: Rootkits are a set of software tools used by an attacker to gain unauthorized access into a system, thereby providing him with the privilege to access sensitive data, conceal his own presence and install other malicious software. They are difficult to detect due to their elusive nature. Modern rootkit attacks mainly focus on modifying the operating system kernel. Existing detection techniques rely on saving the state of the system before infection and comparing it with the infected state. Efficient detection is possible by properly differentiating normal from abnormal activities taking place in the system. In this paper we present a novel anomaly detection method for kernel level rootkits based on the k-means clustering algorithm.
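The abstract describes the approach only at the level of "k-means over system activity". The following is an added illustration, not the authors' code: it clusters per-process system-call frequency vectors from a clean baseline with k-means, derives a radius per cluster, and flags any later window that falls outside every learned radius. The feature layout (ten counted syscalls), the farthest-point seeding, the 1.5x margin, the strace-like line format and every trace are constructed assumptions for the example. One caveat a practitioner should keep in mind with any host-based scheme of this kind: a kernel rootkit that already hooks the system call table or the tracing path can filter what the monitor sees, so the baseline must be collected on a host known to be clean and the tracer itself must be trusted.

```python
"""Added example (not the paper's own code): k-means anomaly detection over
per-process system-call frequency vectors. All traces below are constructed."""
import math
import re
from collections import Counter

# Assumed feature space: fixed ordering of the syscalls we count.
SYSCALLS = ["read", "write", "open", "close", "mmap", "ioctl",
            "init_module", "ptrace", "socket", "execve"]
# Assumed strace -f style line: "<pid> <syscall>(<args>) = <ret>"
LINE_RE = re.compile(r"^\s*(\d+)\s+([a-z_0-9]+)\(")

def parse_strace(lines):
    """Group syscall names by pid from strace-like lines -> {pid: [names]}."""
    traces = {}
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            traces.setdefault(int(m.group(1)), []).append(m.group(2))
    return traces

def featurize(trace):
    """Syscall names of one window -> proportion vector over SYSCALLS."""
    c, total = Counter(trace), max(len(trace), 1)
    return [c[s] / total for s in SYSCALLS]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=100):
    """Plain k-means with deterministic farthest-point seeding (assumed)."""
    centroids = [list(points[0])]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(dist(p, c) for c in centroids))
        centroids.append(list(far))
    for _ in range(iters):
        clusters = [[] for _ in range(k)]
        for p in points:
            clusters[min(range(k), key=lambda i: dist(p, centroids[i]))].append(p)
        new = [[sum(col) / len(m) for col in zip(*m)] if m else centroids[i]
               for i, m in enumerate(clusters)]
        if all(dist(a, b) < 1e-9 for a, b in zip(new, centroids)):
            break
        centroids = new
    return centroids

class SyscallAnomalyDetector:
    """Fit on windows from a trusted (pre-infection) host; flag new windows
    that fall outside the radius of every learned cluster."""
    def __init__(self, baseline_traces, k=2, margin=1.5):
        pts = [featurize(t) for t in baseline_traces]
        self.centroids = kmeans(pts, k)
        self.radius = [0.0] * k   # farthest baseline member, widened by margin
        for p in pts:
            i, d = self.nearest(p)
            self.radius[i] = max(self.radius[i], d * margin)

    def nearest(self, vec):
        i = min(range(len(self.centroids)), key=lambda j: dist(vec, self.centroids[j]))
        return i, dist(vec, self.centroids[i])

    def score(self, trace):
        """-> (cluster, distance, radius); distance > radius means anomalous."""
        i, d = self.nearest(featurize(trace))
        return i, d, self.radius[i]

    def is_anomalous(self, trace):
        _, d, r = self.score(trace)
        return d > r

def expand(counts):
    """{'read': 6, ...} -> flat list of syscall names (constructed window)."""
    return [name for name, n in counts.items() for _ in range(n)]

# Constructed baseline: four file-worker windows, four network-daemon windows.
BASELINE = [
    expand({"open": 2, "read": 6, "write": 4, "close": 2}),
    expand({"open": 3, "read": 5, "write": 5, "close": 3}),
    expand({"open": 1, "read": 8, "write": 3, "close": 1}),
    expand({"open": 2, "read": 4, "write": 6, "close": 2}),
    expand({"socket": 2, "read": 5, "write": 5, "mmap": 1}),
    expand({"socket": 3, "read": 4, "write": 4, "mmap": 2}),
    expand({"socket": 1, "read": 6, "write": 6}),
    expand({"socket": 2, "read": 3, "write": 7, "mmap": 1}),
]
# Constructed log: pid 4242 behaves like a file worker; pid 6666 loads a
# module and attaches to other processes, the shape of an LKM rootkit installer.
SAMPLE_LOG = (
    ['4242 open("/var/log/app.log", O_RDONLY) = 3'] * 2
    + ['4242 read(3, "...", 4096) = 4096'] * 5
    + ['4242 write(4, "...", 4096) = 4096'] * 5
    + ["4242 close(3) = 0"] * 2
    + ['6666 open("/tmp/.x.ko", O_RDONLY) = 3'] * 2
    + ['6666 read(3, "\\x7fELF...", 4096) = 4096'] * 2
    + ['6666 init_module(0x7f..., 24576, "") = 0']
    + ["6666 ioctl(3, 0x1234, 0x7ffd...) = 0"] * 6
    + ["6666 ptrace(PTRACE_ATTACH, 1, 0, 0) = 0"] * 4
)

def run_detector():
    """Fit on BASELINE and score every pid in SAMPLE_LOG -> {pid: anomalous}."""
    det = SyscallAnomalyDetector(BASELINE)
    return {pid: det.is_anomalous(t) for pid, t in parse_strace(SAMPLE_LOG).items()}

if __name__ == "__main__":
    for pid, flagged in run_detector().items():
        print(pid, "ANOMALY" if flagged else "normal")
```

With these inputs the two baseline workloads land in separate clusters, the file-worker pid stays inside its cluster radius, and the module-loading pid is far from both centroids because its mass sits on syscalls the baseline never used. In practice the radius and margin are tuning knobs that trade false positives against missed rootkits, and the feature vector would be richer than ten raw proportions.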

References (12)
Nick L. Petroni, Timothy Fraser, Jesus Molina, William A. Arbaugh. Copilot: a coprocessor-based kernel runtime integrity monitor. USENIX Security Symposium (2004).
Qiang Yan, Yingjiu Li, Tieyan Li, Robert Deng. Insights into Malware Detection and Prevention on Mobile Phones. International Conference on Security Technology, vol. 58, pp. 242–249 (2009). doi:10.1007/978-3-642-10847-1_30
Tal Garfinkel, Mendel Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Network and Distributed System Security Symposium (NDSS) (2003).
Greg Kroah-Hartman. Signed kernel modules. Linux Journal, vol. 2004, p. 4 (2004).
J. F. Levine, J. B. Grizzard, H. L. Owen. Detecting and categorizing kernel-level rootkits to aid future detection. IEEE Security & Privacy, vol. 4, pp. 24–32 (2006). doi:10.1109/MSP.2006.11
Jeffrey Bickford, Ryan O'Hare, Arati Baliga, Vinod Ganapathy, Liviu Iftode. Rootkits on smart phones: attacks, implications and opportunities. Workshop on Mobile Computing Systems and Applications (HotMobile), pp. 49–54 (2010). doi:10.1145/1734583.1734596
Anthony Desnos, Éric Filiol, Ivan Lefou. Detecting (and creating!) a HVM rootkit (aka BluePill-like). Journal of Computer Virology and Hacking Techniques, vol. 7, pp. 23–49 (2011). doi:10.1007/s11416-009-0130-8
J. Levine, J. Grizzard, H. Owen. A methodology to detect and characterize kernel level rootkit exploits involving redirection of the system call table. Proceedings of the Second IEEE International Information Assurance Workshop (IWIA), pp. 107–125 (2004). doi:10.1109/IWIA.2004.1288042
Zhi Wang, Xuxian Jiang, Weidong Cui, Peng Ning. Countering kernel rootkits with lightweight hook protection. ACM Conference on Computer and Communications Security (CCS), pp. 545–554 (2009). doi:10.1145/1653662.1653728
A. Baliga, V. Ganapathy, L. Iftode. Detecting Kernel-Level Rootkits Using Data Structure Invariants. IEEE Transactions on Dependable and Secure Computing, vol. 8, pp. 670–684 (2011). doi:10.1109/TDSC.2010.38