A rule-based approach for rootkit detection


Abstract

Rootkits have become one of the major threats to computer security, yet they are hard to detect with common malware detection technologies. This paper introduces a rule-based approach to rootkit detection. It is based on the fact that a rootkit must modify some data structures of a system in order to hide itself, and these modifications of data structures necessarily lead to inconsistencies in the system. By finding the inconsistencies in a system, we can detect the rootkit. Our approach has four main steps: (1) elaborately choose data structures in different layers of a system; (2) perform the same information-calculation process using each layer's data structures respectively, and form an information space from the result obtained after each calculation; (3) define rules as invariants based on the information spaces formed in step (2); (4) if these rules hold, the system is clean; otherwise the system is probably infected by a rootkit. © 2010 IEEE.
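A minimal instance of the four steps described in the abstract, as an added example that is not from the paper. The layer names and their contents are constructed sample data standing in for the real kernel and user-space data structures a checker would read; the rules are hypothetical invariants chosen for illustration.

```python
# Added example (not the paper's code): cross-layer consistency checking.

# Step 1: three hypothetical layers that each expose the running processes.
# Contents are constructed sample data; a real checker would read them from
# structures such as the kernel task list, the scheduler run-queue and the
# user-visible process listing. PID 1337 is absent from the user view.
LAYERS = {
    "task_list": {1: "init", 42: "sshd", 1337: "stealth"},
    "run_queue": {1: "init", 42: "sshd", 1337: "stealth"},
    "proc_view": {1: "init", 42: "sshd"},
}

def information_space(layer):
    """Step 2: run the same calculation on every layer: the (pid, name) facts it yields."""
    return {(pid, name) for pid, name in layer.items()}

# Step 3: rules are invariants that must hold across the information spaces.
def rule_same_pid_set(spaces):
    """Every layer must report exactly the same set of PIDs."""
    pid_sets = [{pid for pid, _ in s} for s in spaces.values()]
    return all(s == pid_sets[0] for s in pid_sets)

def rule_consistent_names(spaces):
    """A PID seen in several layers must carry the same name in all of them."""
    seen = {}
    for s in spaces.values():
        for pid, name in s:
            if seen.setdefault(pid, name) != name:
                return False
    return True

RULES = [rule_same_pid_set, rule_consistent_names]

def check(layers):
    """Step 4: evaluate all rules; return (clean, violated_rules, suspicious_pids)."""
    spaces = {name: information_space(layer) for name, layer in layers.items()}
    violated = [rule.__name__ for rule in RULES if not rule(spaces)]
    # PIDs that do not appear in every layer are the ones to investigate.
    pid_sets = [{pid for pid, _ in s} for s in spaces.values()]
    suspicious = set().union(*pid_sets) - set.intersection(*pid_sets)
    return (not violated, violated, sorted(suspicious))

if __name__ == "__main__":
    print(check(LAYERS))  # (False, ['rule_same_pid_set'], [1337])
```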



Wang, J. (2010). A rule-based approach for rootkit detection. In ICIME 2010 - 2010 2nd IEEE International Conference on Information Management and Engineering (Vol. 3, pp. 405–408). https://doi.org/10.1109/ICIME.2010.5478178
