DocumentCode :
814646
Title :
Detecting and categorizing kernel-level rootkits to aid future detection
Author :
Levine, John G. ; Grizzard, Julian B. ; Owen, Henry L.
Author_Institution :
Georgia Inst. of Technol., Atlanta, GA, USA
Volume :
4
Issue :
1
fYear :
2006
Firstpage :
24
Lastpage :
32
Abstract :
Existing techniques to detect kernel-level rootkits expose some infections, but they don't identify the specific attack. The rootkit categorization approach presented here helps system administrators determine the extent of a specific infection, aiding in optimal recovery and faster reaction to future attacks. The authors present a framework to detect and classify rootkits and discuss a methodology for determining whether a system has been infected by a kernel-level rootkit. Once an infection is confirmed, administrators can create signatures for the specific kernel-level rootkit so it can be detected in future. The authors conducted their research on a Red Hat Linux-based system, but the methodology applies to other Linux distributions based on the standard Linux kernel. They also believe the method can apply to other Unix- and Windows-based systems.
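The abstract does not say which kernel structures the authors' check inspects. As an added illustration (this is not the paper's code and the mechanism is assumed, not stated on this page), the example below shows the kind of check a practitioner would write for a classic Linux kernel: compare the live system call table against the handler addresses recorded in System.map, flag entries that now point outside the kernel's static text (typically into a loaded module), and separately check whether the kernel has been pointed at a copy of the table rather than the original. Every address, symbol name and the "live" snapshot are constructed for the example; on a real 2.4/2.6-era system the live table would be read from /dev/kmem at the sys_call_table address, and the two categories of finding are this example's own, not necessarily the paper's classification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Static kernel text range as System.map would give it (_text/_etext).
 * Constructed values for the example, not from a real kernel. */
#define KTEXT_START 0xc0100000u
#define KTEXT_END   0xc0300000u

/* Address of the sys_call_table symbol itself in System.map (constructed). */
#define SYS_CALL_TABLE_SYM 0xc02a0000u

/* Expected handler addresses as System.map would list them (constructed).
 * The array index stands in for the syscall number. */
struct expected_entry { const char *name; uint32_t addr; };

static const struct expected_entry system_map[] = {
    { "sys_read",       0xc0120000u },
    { "sys_write",      0xc0120100u },
    { "sys_open",       0xc0120200u },
    { "sys_getdents64", 0xc0120300u },
    { "sys_execve",     0xc0120400u },
};
#define NSYSCALLS (sizeof system_map / sizeof system_map[0])

enum finding {
    CLEAN = 0,       /* live entry matches System.map */
    HOOK_IN_MODULE,  /* entry points outside static kernel text, e.g. into a loaded module */
    HOOK_IN_KTEXT    /* entry points at some other function inside kernel text */
};

/* Classify one table slot by comparing the live pointer with the expected one. */
enum finding check_entry(uint32_t expected, uint32_t live)
{
    if (live == expected)
        return CLEAN;
    if (live < KTEXT_START || live >= KTEXT_END)
        return HOOK_IN_MODULE;
    return HOOK_IN_KTEXT;
}

/* Walk the live table, record one finding per slot, return how many slots differ.
 * On a real system `live` is the table read from kernel memory at SYS_CALL_TABLE_SYM. */
size_t scan_table(const uint32_t *live, size_t n, enum finding *out)
{
    size_t modified = 0;
    for (size_t i = 0; i < n && i < NSYSCALLS; i++) {
        out[i] = check_entry(system_map[i].addr, live[i]);
        if (out[i] != CLEAN)
            modified++;
    }
    return modified;
}

/* Independent second check: the table address the syscall entry stub actually
 * dereferences versus where System.map says the table lives. A rootkit that
 * leaves the original table untouched but makes the kernel use a modified copy
 * shows up here and not in scan_table(). */
int table_redirected(uint32_t live_table_ptr)
{
    return live_table_ptr != SYS_CALL_TABLE_SYM;
}

/* Constructed "live" snapshot: getdents64 and execve redirected to code at
 * 0xd08xxxxx, an address range typical of loaded modules, not static text. */
static const uint32_t live_snapshot[] = {
    0xc0120000u, 0xc0120100u, 0xc0120200u, 0xd0800120u, 0xd0800340u,
};

int main(void)
{
    enum finding f[NSYSCALLS];
    size_t n = scan_table(live_snapshot, NSYSCALLS, f);
    printf("%zu modified system call table entries\n", n);
    for (size_t i = 0; i < NSYSCALLS; i++)
        if (f[i] != CLEAN)
            printf("  %s -> 0x%08x (%s)\n", system_map[i].name, live_snapshot[i],
                   f[i] == HOOK_IN_MODULE ? "outside kernel text" : "inside kernel text");
    printf("table pointer redirected: %s\n",
           table_redirected(SYS_CALL_TABLE_SYM) ? "yes" : "no");
    return 0;
}
```

The two checks are deliberately separate because they catch different modification strategies: an entry-level diff misses a rootkit that swaps the whole table, and a table-pointer check misses one that edits entries in place. Neither check sees a rootkit that patches the body of a handler function, which needs a comparison of code bytes against a trusted copy rather than of addresses against System.map.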
Keywords :
computer viruses; operating system kernels; security of data; Red Hat Linux; kernel-level rootkit classification; kernel-level rootkit detection; Computer security; Control systems; Data structures; File systems; Kernel; Linux; Memory management; Privacy; Read-write memory; Invasive software; rootkit; rootkits;
fLanguage :
English
Journal_Title :
Security & Privacy, IEEE
Publisher :
ieee
ISSN :
1540-7993
Type :
jour
DOI :
10.1109/MSP.2006.11
Filename :
1588822