Title :
A Methodology to Detect Kernel Level Rootkits based on Detecting Hidden Processes
Author :
Hao, Jie ; Hao, Yu-jie ; Ding, Zhi-jian ; Song, Lin-Tao
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu
Abstract :
An intruder will normally install some tools when he gains access to a computer system, in order to regain root privilege when he comes back onto the system at a later time. Installing a rootkit on the compromised system is one of the methods that an intruder may use. A kernel-level rootkit modifies the kernel of the operating system, which is the lowest level of most modern OSes. In this paper we present a standardized methodology to detect rootkits. Through this method, it is possible to provide additional protection against this type of malicious modification of the kernel.
Keywords :
operating system kernels; security of data; computer system; hidden process detection; intrusion detection; kernel level rootkit detection; malicious kernel modification; operating system kernel; Chemical engineering; Chemical processes; Chemical technology; Computer hacking; Computer science; Control systems; Kernel; Operating systems; Permission; Protection; EPROCESS; Rootkits; hidden process; malware;
Conference_Title :
Apperceiving Computing and Intelligence Analysis, 2008. ICACIA 2008. International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-3427-5
Electronic_ISBN :
978-1-4244-3426-8
DOI :
10.1109/ICACIA.2008.4770042