A method for detecting Linux kernel module rootkits


Abstract

Several methods exist for detecting Linux kernel module (LKM) rootkits, most of which rely on a priori system-specific knowledge. We propose an alternative detection technique that only requires knowledge of the distribution of system call addresses in an uninfected system. Our technique relies on outlier analysis, a statistical technique that compares the distribution of system call addresses in a suspect system to that in a known uninfected system. Experimental results indicate that it is possible to detect LKM rootkits with a high degree of confidence. © 2007 International Federation for Information Processing.
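As an added illustration of the idea in the abstract (not code from the paper), the following compares the system call handler addresses of a suspect kernel against a known-clean baseline and flags entries that are statistical outliers. It assumes a z-score test against the baseline's mean and standard deviation, since the page does not state which outlier statistic the authors use; all addresses are constructed sample values.

```python
# Added illustration: outlier analysis over system call handler addresses.
# The clean baseline clusters inside the static kernel text segment; an LKM
# rootkit that hooks entries redirects them into module memory, far away.
# All addresses below are CONSTRUCTED, not captured from a real kernel.
from statistics import mean, pstdev

# Constructed baseline: handler addresses from an uninfected system, all
# inside an assumed kernel text segment starting at 0xc0100000.
BASELINE_TABLE = {
    "read":       0xc0155a40, "write":      0xc0155c90,
    "open":       0xc0151e10, "close":      0xc0152230,
    "execve":     0xc0104f60, "getdents64": 0xc0164b00,
    "kill":       0xc011a3c0, "ioctl":      0xc0165870,
}

# Constructed suspect table: two entries point into a loaded module's
# memory, the pattern a hooking LKM rootkit leaves behind.
SUSPECT_TABLE = dict(BASELINE_TABLE)
SUSPECT_TABLE["getdents64"] = 0xd08a1f00
SUSPECT_TABLE["kill"] = 0xd08a2340

def fit_baseline(table):
    """Mean and population standard deviation of the clean addresses."""
    addrs = list(table.values())
    sigma = pstdev(addrs)
    if sigma == 0:
        raise ValueError("baseline has no spread; cannot score outliers")
    return mean(addrs), sigma

def find_outliers(suspect, baseline, threshold=3.0):
    """Return {handler: z_score} for suspect entries whose address lies more
    than `threshold` baseline standard deviations from the baseline mean."""
    mu, sigma = fit_baseline(baseline)
    flagged = {}
    for name, addr in suspect.items():
        z = abs(addr - mu) / sigma
        if z > threshold:
            flagged[name] = round(z, 1)
    return flagged

if __name__ == "__main__":
    for name, z in find_outliers(SUSPECT_TABLE, BASELINE_TABLE).items():
        print(f"{name:12s} 0x{SUSPECT_TABLE[name]:08x}  z={z}")
```

Because the baseline statistics are computed only from the clean table, unchanged entries can never exceed a z-score of sqrt(n-1), so a threshold of 3 with eight baseline samples yields no false positives on the untouched handlers.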

Citation (APA)

Wampler, D., & Graham, J. (2007). A method for detecting Linux kernel module rootkits. In IFIP International Federation for Information Processing (Vol. 242, pp. 107–116). https://doi.org/10.1007/978-0-387-73742-3_7
