Title :
R/Bootkit detection based on trusted computing and neural network
Author :
Sha, Le-Tian ; Wang, Hong-Xia
Author_Institution :
Inf. Security & Nat. Comput. Grid Lab., Southwest Jiaotong Univ., Chengdu, China
Abstract :
There is no standardized definition to characterize R/Bootkit that threatens kernel security of boot process in operating system. Most existing detection techniques attempt to detect the performance of it in the running stage of operating system, rather than protect kernel modules in the boot process. This paper proposes a new trust chain, where the trust root is TPM, which checks all kernel modules from CPU to the application environment, then security of kernel modules can be ensured out of R/Bootkit. In addition, a neural network is designed to identify known and unknown R/Bootkit. The test results show that we can correctly detect illegal modifications for kernel modules.
Keywords :
neural nets; operating system kernels; R/Bootkit detection; TPM; boot process; kernel module protection; neural network; operating system; trusted computing; Computer networks; Grid computing; Information security; Kernel; Laboratories; National security; Neural networks; Operating systems; Protection; Testing;
Conference_Titel :
Information Management and Engineering (ICIME), 2010 The 2nd IEEE International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-5263-7
Electronic_ISBN :
978-1-4244-5265-1
DOI :
10.1109/ICIME.2010.5478345
