Title :
Researches on process algebra based rootkits-immune mechanism
Author :
Linbo Tao ; Jianjing Shen ; Peng Hu ; Zhenyu Zhou
Author_Institution :
Sch. of Arts & Sci., Inf. Eng. Univ., Zhengzhou, China
Abstract :
We present a novel mechanism for detecting unknown rootkits and immunizing against known rootkits, for the purpose of protecting the computer from being infected by rootkits. Inspired by the immune system of human beings, our mechanism adopts the humoral immunity mechanism to detect and defend against tough rootkits. First, the features of the processes are analyzed, the known rootkit features are extracted, and process algebra is applied to formally represent objects such as self-antigens, pathogens, antibodies, etc. Then, the known rootkits are used for training to generate relevant antibodies which can recognize non-self antigens. Meanwhile, the rejection reaction of humoral immunity is used to detect unknown rootkits and generate specific antibodies. Last, both known and unknown rootkits can be killed once detected. Based on this mechanism, a prototype system is implemented. Experimental results indicate that this mechanism possesses a higher detection ratio and a lower false ratio.
Keywords :
computer viruses; feature extraction; process algebra; antibody; detection ratio; human being; humoral immunity mechanism; lower false ratio; pathogene; process algebra based rootkits-immune mechanism; prototype system; rejection reaction; rootkit feature extraction; self-antigens; tough rootkit; Algebra; Feature extraction; Generators; Immune system; Monitoring; Real-time systems; Viruses (medical); Kernel Security; Process Algebra; Rootkit-immune; Rootkits;
Conference_Title :
Control and Decision Conference (CCDC), 2015 27th Chinese
Conference_Location :
Qingdao
Print_ISBN :
978-1-4799-7016-2
DOI :
10.1109/CCDC.2015.7162393