As dependence on networks for accessing information increased, attackers targeted them to extract information, and securing information in a networked environment became a challenge. Security systems can be deployed on the host or in the network itself as a standalone entity. Host-based detection systems can be broadly classified as either anomaly detection or misuse detection. Host-based methods are more popular because of the low cost and processing overhead involved, compared with other mechanisms such as virtualisation-based detection. Because of their effectiveness, attackers now manipulate system calls to initiate an attack; rootkits are the best example of this type of attack. Kernel-level rootkits manipulate system calls by different means to hide their existence. We use a host-based detection mechanism in which a Linux kernel module extracts information from the kernel. Our work proposes an efficient host-based detection mechanism that uses unsupervised learning on a Linux-based system.