  • DocumentCode
    814646
  • Title
    Detecting and categorizing kernel-level rootkits to aid future detection
  • Author
    Levine, John G. ; Grizzard, Julian B. ; Owen, Henry L.
  • Author_Institution
    Georgia Inst. of Technol., Atlanta, GA, USA
  • Volume
    4
  • Issue
    1
  • fYear
    2006
  • Firstpage
    24
  • Lastpage
    32
  • Abstract
    Existing techniques to detect kernel-level rootkits expose some infections, but they don't identify specific attacks. This rootkit categorization approach helps system administrators identify the extent of specific infections, aiding in optimal recovery and faster reactions to future attacks. The authors present a framework to detect and classify rootkits and discuss a methodology for determining if a system has been infected by a kernel-level rootkit. Once infection is established, administrators can create new signatures for kernel-level rootkits to detect them. The authors conducted their research on a Red Hat Linux-based system, but the methodology is applicable to other Linux distributions based on the standard Linux kernel. They also believe the method can apply to other Unix- and Windows-based systems.
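    The abstract does not describe the comparison the authors perform. The following is an added example, not the paper's tool or code, illustrating the general idea behind detecting and categorizing a kernel-level rootkit: checking the kernel's system-call table and the handler code it points at against a known-good reference (a System.map and a clean kernel image), then deriving a reusable signature from what was modified. All addresses, syscall indices, prologue bytes, the two category names and the "live" snapshot are constructed assumptions for illustration.

```python
"""Added example (not the paper's tool): compare a snapshot of a kernel's
system-call table and handler prologues against a known-good reference.

Assumed model: a kernel-level rootkit either (a) rewrites an entry in the
system-call table so it points at its own handler, or (b) leaves the entry
alone and patches the handler's code in place. Both category names are
assumptions made for this example. All data below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed System.map excerpt ("address type symbol" per line).
SYSTEM_MAP = """\
c0150b40 T sys_read
c0150c80 T sys_write
c0151a10 T sys_open
c0152f00 T sys_getdents64
c0160000 R sys_call_table
"""

# Constructed subset of i386 syscall-table index -> handler symbol.
SYSCALL_NAMES = {3: "sys_read", 4: "sys_write", 5: "sys_open", 220: "sys_getdents64"}

# Constructed known-good first bytes of each handler, taken from a clean image.
REFERENCE_PROLOGUES = {
    "sys_read": bytes.fromhex("5589e583ec14"),
    "sys_write": bytes.fromhex("5589e583ec14"),
    "sys_open": bytes.fromhex("5589e583ec1c"),
    "sys_getdents64": bytes.fromhex("5589e583ec20"),
}


def parse_system_map(text: str) -> Dict[str, int]:
    """Return symbol -> address for text/rodata/data symbols in a System.map."""
    symbols: Dict[str, int] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        addr, kind, name = parts
        if kind.upper() in ("T", "R", "D"):
            symbols[name] = int(addr, 16)
    return symbols


@dataclass
class Finding:
    index: int
    name: str
    category: str  # "clean", "table_redirect" or "handler_patched" (assumed names)
    detail: str


def check_syscall_table(system_map: Dict[str, int],
                        live_table: Dict[int, int],
                        live_prologues: Dict[str, bytes]) -> List[Finding]:
    """Classify each monitored syscall entry against the reference."""
    findings: List[Finding] = []
    for idx, name in sorted(SYSCALL_NAMES.items()):
        expected, actual = system_map[name], live_table[idx]
        if actual != expected:
            # The table entry itself was rewritten to point elsewhere.
            findings.append(Finding(idx, name, "table_redirect",
                                    f"entry points to {actual:#x}, System.map says {expected:#x}"))
        elif live_prologues.get(name) != REFERENCE_PROLOGUES[name]:
            # Entry is intact but the handler's code was modified in place.
            findings.append(Finding(idx, name, "handler_patched",
                                    f"prologue {live_prologues.get(name, b'').hex()} differs from reference"))
        else:
            findings.append(Finding(idx, name, "clean", ""))
    return findings


def signature(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Reduce the non-clean findings to a sorted (symbol, category) list that
    can be stored and matched against future snapshots."""
    return sorted((f.name, f.category) for f in findings if f.category != "clean")


# Constructed "live" snapshot: sys_getdents64 redirected to a module address,
# sys_open left in the table but its prologue overwritten with a jmp (inline hook).
LIVE_TABLE = {3: 0xC0150B40, 4: 0xC0150C80, 5: 0xC0151A10, 220: 0xD0A01000}
LIVE_PROLOGUES = {
    "sys_read": bytes.fromhex("5589e583ec14"),
    "sys_write": bytes.fromhex("5589e583ec14"),
    "sys_open": bytes.fromhex("e9fb04f00f90"),
    "sys_getdents64": bytes.fromhex("5589e583ec20"),
}


def run_example() -> List[Tuple[str, str]]:
    """Run the check on the constructed snapshot and return its signature."""
    findings = check_syscall_table(parse_system_map(SYSTEM_MAP), LIVE_TABLE, LIVE_PROLOGUES)
    for f in findings:
        print(f"{f.index:>4} {f.name:<16} {f.category:<16} {f.detail}")
    return signature(findings)


if __name__ == "__main__":
    print("signature:", run_example())
```

    Checking the table pointer alone is not enough: the second category exists precisely because a rootkit that patches handler code leaves every table entry matching System.map, so a detector that only compares addresses reports the system clean.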
  • Keywords
    computer viruses; operating system kernels; security of data; Red Hat Linux; kernel-level rootkit classification; kernel-level rootkit detection; Computer security; Control systems; Data structures; File systems; Kernel; Linux; Memory management; Privacy; Read-write memory; Invasive software; rootkit; rootkits;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type
    jour
  • DOI
    10.1109/MSP.2006.11
  • Filename
    1588822