Back to Static Analysis for Kernel-Level Rootkit Detection
نویسندگان
چکیده
منابع مشابه
Applying Memory Forensics to Rootkit Detection
Volatile memory dump and its analysis is an essential part of digital forensics. Among a number of various software and hardware approaches for memory dumping there are authors who point out that some of these approaches are not resilient to various anti-forensic techniques, and others that require a reboot or are highly platform dependent. New resilient tools have certain disadvantages such as...
متن کاملA Forced Sampled Execution Approach to Kernel Rootkit Identification
Kernel rootkits are considered one of the most dangerous forms of malware because they reside inside the kernel and can perform the most privileged operations on the compromised machine. Most existing kernel rootkit detection techniques attempt to detect the existence of kernel rootkits, but cannot do much about removing them, other than booting the victim machine from a clean operating system ...
متن کاملMrKIP: Rootkit Recognition with Kernel Function Invocation Pattern
Existing mechanisms tracing user-level activities such as system calls and APIs can be circumvented by the kernel-level rootkits. In this paper, a novel system, MrKIP, is proposed to recognize rootkits based on their kernel-level activities. Our scheme semiautomatically generates suitable locations for analysts to implement checkpoints, which are used to profile kernel-space activities. Then, c...
متن کاملPIkit: A New Kernel-Independent Processor-Interconnect Rootkit
The goal of rootkit is often to hide malicious software running on a compromised machine. While there has been significant amount of research done on different rootkits, we describe a new type of rootkit that is kernel-independent – i.e., no aspect of the kernel is modified and no code is added to the kernel address space to install the rootkit. In this work, we present PIkit – Processor-Interc...
متن کاملLinux Kernel Developer Responses to Static Analysis Bug Reports
We present a study of how Linux kernel developers respond to bug reports issued by a static analysis tool. We found that developers prefer to triage reports in younger, smaller, and more actively-maintained files (§2), first address easy-to-fix bugs and defer difficult (but possibly critical) bugs (§3), and triage bugs in batches rather than individually (§4). Also, although automated tools can...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Transactions on Information Forensics and Security
سال: 2014
ISSN: 1556-6013,1556-6021
DOI: 10.1109/tifs.2014.2337256