DocumentCode :
1865881
Title :
RBACS: Rootkit Behavioral Analysis and Classification System
Author :
Lobo, Desmond ; Watters, Paul ; Wu, Xinwen
Author_Institution :
Internet Commerce Security Lab., Univ. of Ballarat, Ballarat, VIC, Australia
fYear :
2010
fDate :
9-10 Jan. 2010
Firstpage :
75
Lastpage :
80
Abstract :
In this paper, we focus on rootkits, a special type of malicious software (malware) that operates in an obfuscated and stealthy mode to evade detection. Categorizing these rootkits will help in detecting future attacks against the business community. We first developed a theoretical framework for classifying rootkits. Based on our theoretical framework, we then proposed a new rootkit classification system and tested our system on a sample of rootkits that use inline function hooking. Our experimental results showed that our system could successfully categorize the sample using unsupervised clustering.
Keywords :
invasive software; pattern classification; pattern clustering; business community; malware; rootkit behavioral analysis; rootkit classification system; unsupervised clustering; Australia; Business; Computer crime; Computer viruses; Computer worms; Data mining; Data security; Internet; Laboratories; System testing; behavioral analysis; classification; data mining; malware; rootkits;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Knowledge Discovery and Data Mining, 2010. WKDD '10. Third International Conference on
Conference_Location :
Phuket
Print_ISBN :
978-1-4244-5397-9
Electronic_ISBN :
978-1-4244-5398-6
Type :
conf
DOI :
10.1109/WKDD.2010.23
Filename :
5432724