Computer viruses: theory and experiments
Computers and Security
Applied operating system concepts
Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems
Understanding the Linux Kernel, 2nd Edition
Using Honeynets to Protect Large Enterprise Networks
IEEE Security and Privacy
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Host based attack detection using system calls
Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology
There is no standardized methodology at present to characterize rootkits that compromise the security of computer systems. The ability to characterize rootkits will provide system administrators with information so that they can take the best possible recovery actions, and may also help to detect additional instances and prevent the further installation of the rootkit, allowing the security community to react faster to new rootkit exploits. There are limited capabilities at present to detect rootkits, but in most cases these capabilities only indicate that a system is infected without identifying the specific rootkit. We propose a mathematical framework for classifying rootkit exploits as existing, modifications to existing, or entirely new. An in-depth analysis of a particular type of kernel rootkit is conducted in order to develop a characterization. As a result of this characterization and analysis, we propose some new methods to detect this particular class of rootkit exploit.