• DocumentCode
    2551766
  • Title

    A Methodology to Detect Kernel Level Rootkits based on Detecting Hidden Processes

  • Author

    Hao, Jie ; Hao, Yu-jie ; Ding, Zhi-jian ; Song, Lin-Tao

  • Author_Institution
    Dept. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu
  • fYear
    2008
  • fDate
    13-15 Dec. 2008
  • Firstpage
    359
  • Lastpage
    361
  • Abstract
    Intruders will normally install some tools when they gain access to a computer system, in order to regain root privilege when they come back onto the system at a later time. Installing a rootkit on the compromised system is one of the methods that an intruder may use. The kernel of the operating system, which is the lowest level of most modern OSes, will be modified by a kernel-level rootkit. In this paper we present a standardized methodology to detect rootkits. Through this method, it is possible to provide additional protection against this type of malicious modification of the kernel.
  • Keywords
    operating system kernels; security of data; computer system; hidden process detection; intrusion detection; kernel level rootkit detection; malicious kernel modification; operating system kernel; Chemical engineering; Chemical processes; Chemical technology; Computer hacking; Computer science; Control systems; Kernel; Operating systems; Permission; Protection; EPROCESS; Rootkits; hidden process; malware;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Apperceiving Computing and Intelligence Analysis, 2008. ICACIA 2008. International Conference on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-1-4244-3427-5
  • Electronic_ISBN
    978-1-4244-3426-8
  • Type

    conf

  • DOI
    10.1109/ICACIA.2008.4770042
  • Filename
    4770042