Contemporary malware authors try many ways to make their products "invisible" to antimalware programs and, after infection, to conceal their operation deeply from the user's sight. The presence of concealed malware can be detected in many ways. Most of these methods operate "on demand" and place a high scanning load on the system, blocking normal user operation. The paper presents a new method of detecting rootkit operation, suitable for continuous operation, based on the analysis of network activity pictures viewed from two sources (internal and external to the system), along with the results of tests of the method on virtual machines infected with selected rootkit code samples. © Springer-Verlag Berlin Heidelberg 2013.
CITATION STYLE
Skrzewski, M. (2013). Monitoring System’s Network Activity for Rootkit Malware Detection. In Communications in Computer and Information Science (Vol. 370 CCIS, pp. 157–165). Springer Verlag. https://doi.org/10.1007/978-3-642-38865-1_17