Title: A New Procedure to Help System/Network Administrators Identify Multiple Rootkit Infections
Authors: Lobo, Desmond; Watters, Paul; Wu, Xin-Wen
Author institution: Internet Commerce Security Lab., Univ. of Ballarat, Ballarat, VIC, Australia
Abstract: Rootkits are software used to hide the presence of malware from system/network administrators and to let an attacker retain control of a compromised computer. In our previous work, we designed a system that categorizes rootkits based on the hooks they create. Focusing on rootkits that use inline function hooking, we showed that this system could successfully categorize a sample of rootkits using unsupervised EM clustering. In this paper, we extend that work by outlining a new procedure to help system/network administrators identify which rootkits have infected their machines. Using a logistic regression model to profile families of rootkits, we were able to identify at least one of the rootkits that had infected each of the systems we tested.
Keywords: computer network security; expectation-maximisation algorithm; invasive software; pattern clustering; regression analysis; inline function hooking technique; logistic regression model; malware; multiple rootkit infection; network administrator; system administrator; unsupervised EM clustering; Business; Communication system security; Communication system software; Computer network management; Computer networks; Computer security; Control systems; IP networks; Laboratories; Logistics; logistic regression; network security; profiling; rootkits
Conference title: Communication Software and Networks, 2010. ICCSN '10. Second International Conference on
Conference location: Singapore
Print ISBN: 978-1-4244-5726-7
Electronic ISBN: 978-1-4244-5727-4
DOI: 10.1109/ICCSN.2010.14