Automated containment of rootkits attacks

Arati Baliga, Liviu Iftode, Xiaoxin Chen
2008 Computers & security  
Leveraging virtual machine technology, we propose a solution for real-time automated detection and containment of rootkit attacks.  ...  Our analysis and experimental results indicate that this approach can very successfully detect and contain the effects of a large percentage of rootkits found for Linux today.  ...  The main contributions of this paper are as follows: • We propose an approach for automated detection and containment of user level as well as kernel level rootkit attacks and other malware that use rootkits  ... 
doi:10.1016/j.cose.2008.06.003 fatcat:wczf6lw7iraurh4h3t6yyerkoq

Detecting Kernel-Level Rootkits Using Data Structure Invariants

A. Baliga, V. Ganapathy, L. Iftode
2011 IEEE Transactions on Dependable and Secure Computing  
Index Terms-Kernel-level rootkits, non-control data attacks, invariant inference, static and dynamic program analysis. • All three authors are with the  ...  Rootkits affect system security by modifying kernel data structures to achieve a variety of malicious goals.  ...  We also thank the anonymous reviewers of this article for their insightful comments.  ... 
doi:10.1109/tdsc.2010.38 fatcat:ibw4oeuow5amlcs2msu2j3qp3q

VICI Virtual Machine Introspection for Cognitive Immunity

Timothy Fraser, Matthew R. Evenson, William A. Arbaugh
2008 2008 Annual Computer Security Applications Conference (ACSAC)  
When systems are under constant attack, there is no time to restore those infected with malware to health manually; repair of infected systems must be fully automated and must occur within milliseconds.  ...  Its repairs have proven effective in tests against a collection of common kernel-modifying rootkit techniques.  ...  XenKIMONO can call for manual intervention upon detecting a kernel-modifying rootkit, but in an environment where systems are under constant attack only fully-automated repair techniques capable of restoring  ... 
doi:10.1109/acsac.2008.33 dblp:conf/acsac/FraserEA08 fatcat:e2uvx2krpvd5tei3kutf7os6qm

Defeating Kernel Driver Purifier [chapter]

Jidong Xiao, Hai Huang, Haining Wang
2015 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
Based on the two proposed offensive schemes, we implement prototypes of both types of rootkits and validate their efficacy through real experiments.  ...  Moreover, these rootkits retain the same functionalities as those of real world rootkits, and only incur negligible performance overhead.  ...  To measure the performance overhead and the automation of our attack, we choose KBeast, Adore-ng, and DR as our rootkits. The experiments are carried out in four steps.  ... 
doi:10.1007/978-3-319-28865-9_7 fatcat:5umxiwfsbfglrm2jwzprn5scva

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

Ralf Hund, Thorsten Holz, Felix C. Freiling
2009 USENIX Security Symposium  
In this paper, we present the design and implementation of a system that fully automates the process of constructing instruction sequences that can be used by an attacker for malicious computations.  ...  Protecting the kernel of an operating system against attacks, especially injection of malicious code, is an important factor for implementing secure operating systems.  ...  Automated Gadget Construction One of the most essential parts of our system is the automated construction of return-oriented gadgets, thus enabling us to abstract from a concrete set of executable code  ... 
dblp:conf/uss/HundHF09 fatcat:qbix7y76vjdqdhyatrmk4uf7xi

Rootkits on smart phones

Jeffrey Bickford, Ryan O'Hare, Arati Baliga, Vinod Ganapathy, Liviu Iftode
2010 Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications - HotMobile '10  
However, the ubiquity of smart phones and the unique interfaces that they expose, such as voice, GPS and battery, make the social consequences of rootkits particularly devastating.  ...  This trend makes smart phone operating systems vulnerable to many of the same threats as desktop operating systems. In this paper, we focus on the threat posed by smart phone rootkits.  ...  ., the kernel module containing the rootkit, thereby exposing the rootkit to antivirus tools.  ... 
doi:10.1145/1734583.1734596 dblp:conf/wmcsa/BickfordOBGI10 fatcat:mwg5dksdavg5xbkq4c5omzjbpe

Automatic Mitigation of Kernel Rootkits in Cloud Environments [chapter]

Jonathan Grimm, Irfan Ahmed, Vassil Roussev, Manish Bhatt, ManPyo Hong
2018 Lecture Notes in Computer Science  
To produce an automated solution, we monitor a pool of VMs running the same kernel version to identify kernel invariants, and deviations from them, and use the observed invariants to restore the normal  ...  This approach often leads to service disruption and loss of availability, which can have much more damaging consequences than the original attack.  ...  The primary focus of this work is KOH attacks, and rootkits that hijack system control flow.  ... 
doi:10.1007/978-3-319-93563-8_12 fatcat:52npuhgkczdo7cn653w6kg4xj4

A framework for prototyping and testing data-only rootkit attacks

Ryan Riley
2013 Computers & security  
The current implementation of DORF contains a group of existing and new data-only attacks, and the portability of DORF is demonstrated by porting it to 6 different Linux distributions.  ...  In this work we present DORF, a framework for prototyping and testing data-only rootkit attacks.  ...  A rootkit would contain modified versions of binaries such as ls, ps, top, netcat, and many others.  ... 
doi:10.1016/j.cose.2013.04.006 fatcat:kqmkyn6k7nfbpcf5iyogkrztva

Rootkit Detection on Embedded IoT Devices

Roland Nagy, Krisztián Németh, Dorottya Papp, Levente Buttyán
2021 Acta Cybernetica  
IoT systems are subject to cyber attacks, including infecting embedded IoT devices with rootkits.  ...  We also propose algorithms to detect rootkit components in the persistent storage of the device.  ...  by attacker code instead of legitimate kernel code.  ... 
doi:10.14232/actacyb.288834 fatcat:bsagk4jy6fh6hbelpmx2mfduhm

Taking a lesson from stealthy rootkits

S. Ring, E. Cole
2004 IEEE Security and Privacy  
(See the "Rootkit 101" sidebar for more details on rootkits.) Fortunately, most rootkits suffer from a lack of covertness and secrecy within their binaries.  ...  Merely looking at symbol-table and text-segment information, which contains function names, variables, and strings contained in a program, provides valuable insight into rootkits (and even nonmalicious  ...  Both rootkits' behavior is identical, but kernel rootkits are more difficult to detect, which makes them more desirable to attackers. How much obfuscation?  ... 
doi:10.1109/msp.2004.57 fatcat:vy6ihquh45djblr2ybx6km3fce

Detection of Malicious Data using hybrid of Classification and Clustering Algorithms under Data Mining

Milan Jain, Bikram Pal
2014 International Journal of Computer Applications  
A method that is commonly used for launching these types of attack is popularly known as malware i.e. viruses, Trojan horses and worms, which, when propagate can cause a great damage to commercial companies  ...  In today era modern infrastructures and technologies are more prone to various types of accesses.  ...  The first basic thing that an attacker does is to install rootkit after access is gained to a system, as this will conclude that the attack is going to remain undetected.  ... 
doi:10.5120/18244-9193 fatcat:ur25f37r7rfzlkgrf7q7giubze

Detection of Malware and Kernel-Level Rootkits in Cloud Computing Environments

Thu Yein Win, Huaglory Tianfield, Quentin Mair
2015 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing  
We therefore employ Support Vector Machines (SVM) to automate rootkit and malware classification based on guest behavior (r4).  ...  Implemented as part of the control monitor is the SVM classifier which is designed to automate the malware classification process.  ... 
doi:10.1109/cscloud.2015.54 dblp:conf/cscloud/WinTM15 fatcat:5z4spd2d4nghbgp3362buaeyci

Incidence Handling and Response System [article]

Prof. Dhananjay R. Kalbande, Dr. G. T. Thampi, Mr. Manish Singh
2009 arXiv pre-print
A computer network can be attacked in a number of ways. The security-related threats have become not only numerous but also diverse and they may also come in the form of blended attacks.  ...  It becomes difficult for any security system to block all types of attacks.  ...  Chkrootkit chkrootkit is a tool to locally check for signs of a rootkit. It contains a chkrootkit: shell script that checks system binaries for rootkit modification.  ... 
arXiv:0906.5060v1 fatcat:t5n6o2bsbzgard7ns5al4za6kq

Kernel Rootkits Detection Method by Monitoring Branches Using Hardware Features

Toshihiro YAMAUCHI, Yohei AKAO
2017 IEICE transactions on information and systems  
For this reason, handling an attack will be delayed causing an increase in the amount of damage done to a computer system.  ...  Thus, attacks on an operating system kernel using kernel rootkits pose a particularly serious threat.  ...  When the quantity of branch records contained in the LBR stack is two, KRGuard determines that the computer system is not infected with kernel rootkits.  ... 
doi:10.1587/transinf.2016inl0003 fatcat:vwvovpa4vzf67hv63x7qbcjaga

TKRD: Trusted kernel rootkit detection for cybersecurity of VMs based on machine learning and memory forensic analysis

Xiao Wang, Jianbiao Zhang, Ai Zhang, Jinchang Ren
2019 Mathematical Biosciences and Engineering  
The promotion of cloud computing makes the virtual machine (VM) increasingly a target of malware attacks in cybersecurity such as those by kernel rootkits.  ...  The experiment results show that the Random Forest classifier has the best performance which can effectively detect unknown kernel rootkits with an Accuracy of 0.986 and an AUC value (the area under the  ...  Acknowledgments This research was sponsored by the International Research Cooperation Seed Fund of Beijing University of Technology (No. 2018A01).  ... 
doi:10.3934/mbe.2019132 pmid:31137231 fatcat:bc3pkzw3lvge5fmk44qzydykmm