• DocumentCode
    1832067
  • Title
    Proactive Detection of Kernel-Mode Rootkits
  • Author
    Bravo, Pablo ; García, Daniel F.

  • Author_Institution
    Dept. of Inf., Univ. of Oviedo, Oviedo, Spain
  • fYear
    2011
  • fDate
    22-26 Aug. 2011
  • Firstpage
    515
  • Lastpage
    520
  • Abstract
    The sophistication of malicious software (malware) used to break computer security has increased exponentially in recent years. Frequently, malware is hidden on a computer by software components called rootkits. Therefore, early detection of rootkits is of primary importance to avoid the uncontrolled operation of malware. Most current techniques for rootkit detection only allow a late detection, after the malware has already been hidden by a rootkit. In this paper, a new technique is presented that enables the proactive detection of rootkits while they are hiding malware, so that the hiding can be prevented. The technique has been designed for rootkits that operate in kernel mode. These rootkits are particularly difficult to detect because both the detector and the rootkit execute with the same privileges. This technique can be used to improve the detection capabilities of intrusion detection and prevention systems.
  • Keywords
    invasive software; computer security; intrusion detection system; intrusion prevention system; kernel-mode rootkit; malicious software; malware; rootkit proactive detection; Arrays; Kernel; Malware; Monitoring; Resource management; Hooking; Malware; Rootkits; Stealth software;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    978-1-4577-0979-1
  • Electronic_ISBN
    978-0-7695-4485-4
  • Type
    conf
  • DOI
    10.1109/ARES.2011.78
  • Filename
    6045970