DocumentCode :
3307831
Title :
Application of a methodology to characterize rootkits retrieved from honeynets
Author :
Levine, John ; Grizzard, Julian ; Owen, Henry
fYear :
2004
fDate :
10-11 June 2004
Firstpage :
15
Lastpage :
21
Abstract :
Techniques and methods currently exist to detect if a certain type of rootkit has exploited a computer system. However, these current techniques and methods can only indicate that a system has been exploited by a rootkit. We are currently developing a methodology to indicate if a rootkit is previously known or if it is a modified or entirely new rootkit. We present in this paper an application of our methodology against a previously unseen rootkit that was collected from the Georgia Tech Honeynet. We conduct our analysis process against this rootkit and are able to identify specific characteristics for subsequent detections of this rootkit. This ability will provide system administrators, researchers, and security personnel with the information necessary in order to take the best possible recovery actions. This may also help to detect and fingerprint additional instances and prevent further security instances involving rootkits.
Keywords :
network operating systems; security of data; Georgia Tech Honeynet; computer system; digital signature; security instances; system administrators; Application software; Computer hacking; Computer networks; Fingerprint recognition; Forensics; Information security; Linux; Operating systems; Personnel; Web server;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
Type :
conf
DOI :
10.1109/IAW.2004.1437792
Filename :
1437792